OpenSSL

OpenSSL (1988) is an open source implementation of the TSL cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer (SSL) protocol.

CSR Examples[edit]

Generate a new self signed certificate instead of a Certificate Signing Request (CSR)

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private.key -out public.pem

Output a self-signed certificate instead of a certificate request

-nodes (short for no DES) do not encrypt private key

-x509 Output a self-signed certificate instead of a certificate request

Generate a multi domain self signed certificate, read https://serverfault.com/questions/73689/how-to-create-a-multi-domain-self-signed-certificate-for-apache2

Read certificate (CRT)

openssl x509 -text -noout -in root.crt

Read CSR

openssl req -text -noout -in root.csr

Public keys[edit]

Generate a public key from a PEM private key

openssl rsa -in mykey.pem -pubout > mykey.pub

Activities[edit]

Generate a random number: openssl rand -base64 32^[1]
Save remote SSL cert as a file:
- openssl s_client -showcerts -connect YOUR_DOMAIN.COM:443^[2]
- openssl s_client -showcerts -connect YOUR_DOMAIN.COM<:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > mycertfile.pem

Encrypt and decrypt files using openssl enc

Related terms[edit]

Vulnerabilities[edit]

Related[edit]

pycrypto python library

See also[edit]

openssl: openssl rand | openssl s_client | openssl req | openssl rsa | openssl genrsa | openssl x509 | openssl ca | openssl verify | openssl ec | openssl dgst | openssl pkcs12 | openssl asn1parse | openssl help | .cer to .pem
OpenSSL: RSA, ECDSA, WolfSSL, AES, Diffie-Hellman (DH) key-exchange, /etc/ssl/openssl.cnf, OpenSSL v3
OpenSSH (changelog): /etc/ssh/sshd_config | /etc/ssh/ssh_config | ~/.ssh/ | openSSL | sshd logs | sftp | scp | authorized_keys | ssh-keygen | ssh-keyscan | ssh-add | ssh-agent | ssh | Ssh -O stop | ssh-copy-id | CheckHostIP | UseKeychain
HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL, openSSL, WebSockets, WebRTC, ssl_certificate QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers, --insecure, Axios HTTP client, HTTP cookies, HTTP ETag
Encryption, openssl, ecryptfs, encfs, GPG, PGP, Symantec Encryption Desktop, VeraCrypt, CMEK, BitLocker, OAEP
Secrets: Kubernetes secrets, ansible-vault, Hashicorp Vault, AWS Secrets Manager, Google Secret Manager, git-crypt, SOPS: Secrets OPerationS, Google Cloud Secret Manager
Public-key cryptography: RSA, DSA, ECDSA, EdDSA (Ed25519), AES, RSA Conference, hash, pkeyutl, Signature, key length, Easyrsa, OAEP, Ron Rivest, Adi Shamir, Leonard Adleman
SSL: OpenSSL, LibreSSL, wolfSSL, SSL pinning, /etc/ssl/certs/, ca-certificates, /etc/ssl/, sslscan

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.

Source: https://en.wikiversity.org/wiki/OpenSSL

[1] ttps://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/

[2] ttps://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file

[1]

[2]

OpenSSL

Contents

CSR Examples[edit]

Public keys[edit]

Activities[edit]

Related terms[edit]

Vulnerabilities[edit]

Related[edit]

See also[edit]

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools