Configure
Build your server
5.0
Rated excellent

Useful OpenSSL Commands

Useful OpenSSL Commands 15 November 2023

Contents of Articles:

  1. Introduction
  2. Generation
  3. Verification
  4. Conversion
  5. Export
  6. Additional Commands

Introduction

In this article, we delve into the realm of OpenSSL, an open-source cryptographic package designed for SSL/TLS operations. Whether you're a seasoned IT professional or just getting started, these useful OpenSSL commands will empower you to navigate the intricacies of certificate management with confidence.

OpenSSL is an open-source cryptographic package for SSL/TLS operations.

  • CRT (Certificate)
  • KEY (Key)
  • CSR (Certificate Signing Request)
  • DH (Diffie-Hellman Key)
  • PKCS#12 (PFX, P12) - Certificate with Private Key
  • DER - Binary Certificate Type
  • PEM - Base64 Certificate Type
  • P7B (PKCS#7) - Certificate Chain
  • DKIM (DomainKeys Identified Mail) - Email Authentication Method
  • RSA (Rivest–Shamir–Adleman) - Public Key Cryptosystem

Generation

Install OpenSSL on Debian:

sudo apt-get install openssl

Generate Private Key (4096 bits):

openssl genrsa -out server.key 4096

Generate CSR and Key Pair (2048 bits):

openssl req -out server.csr -new -newkey rsa:2048 -nodes -keyout server.key

Generate CSR for an existing Key:

openssl req -out server.csr -key server.key -new

Generate CSR for existing CRT and Key:

openssl x509 -x509toreq -in server.crt -out server.csr -signkey server.key

Generate Self-Signed CRT for one year:

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt

Generate v3 CRT for one year:

openssl x509 -days 365 -in myCSR.csr -extfile v3.ext -CA myCA.crt -CAkey myCA.key -CAcreateserial -out userCertificate.crt

Example v3.ext:

authorityKeyIdentifier=keyid,issuer
 basicConstraints=CA:FALSE
 keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

Order of Certificates in a File:

  1. Server Certificate
  2. Intermediate Certificate
  3. Root Certificate

cat server.crt > server.pem
 cat intermediate.crt >> server.pem
 cat ca.crt >> server.pem

Generate DH parameters:

openssl dhparam -out dhparam.pem 2048

Verification

Verify CSR:

openssl req -text -noout -verify -in server.csr

verify OK

Verify Key:

openssl rsa -in server.key -check

RSA key OK

Verify Public Key:

openssl rsa -inform PEM -pubin -in pub.key -text -noout
openssl pkey -inform PEM -pubin -in pub.key -text -noout

Read CRT:

openssl x509 -in server.crt -text -noout

Read CSR:

openssl req -in server.csr -noout -text

Verification of CSR and KEY Correspondence

The hashes of the certificate and key must match.

openssl x509 -noout -modulus -in server.crt | md5sum
openssl rsa -noout -modulus -in server.key | md5sum

Verification of Matching CSR and CRT

The hashes of the certificate and the signing request must match.

openssl x509 -noout -modulus -in server.crt | md5sum
openssl req -noout -modulus -in server.csr | md5sum

PKCS#12 Verification

openssl pkcs12 -info -in server.p12

Display All Certificates

openssl s_client -connect internet-lab.ru:443

Conversion

DER to PEM Conversion

openssl x509 -inform der -in server.cer -out server.pem

PEM to DER Conversion

openssl x509 -outform der -in server.pem -out server.der

PKCS#12 to PEM Conversion

openssl pkcs12 -in server.pfx -out server.pem -nodes

PEM to PKCS#12 Conversion

openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile CACert.crt

Export

Exporting Public Key from Private Key

openssl rsa -in privkey.pem -pubout > key.pub

Exporting Public Key from Private CRT (Certificate)

openssl x509 -pubkey -noout -in cert.pem  > pubkey.pem

Additional Commands

Removing Password from Private Key

openssl rsa -in server.pem -out newserver.pem

List of Revoked Serial Numbers

openssl crl -inform DER -text -noout -in list.crl

File Encryption using rsautl

openssl rsautl -encrypt -in plaintext.txt -out encrypted.txt -pubin -inkey pubkey.pem

File Decryption using rsautl

openssl rsautl -decrypt -in encrypted.txt -out plaintext.txt -inkey privkey.pem

Elevate your server infrastructure without breaking the bank. At Newserverlife, we not only provide top-quality refurbished servers but also offer peace of mind with our commitment to reliability and performance.


Specialists of our company are ready to help you purchase the server and select the necessary server configuration for any required task.


Dell
  • 1U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 1536 GB (24 x DDR4)
  • 8SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 1U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 1536 GB (24 x DDR4)
  • 10SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 1U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 1536 GB (24 x DDR4)
  • 10SFF (4x NVME) Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 1U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 1536 GB (24 x DDR4)
  • 24SFF Bay 1.8" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 1U (rackmount)
  • up to 2 Xeon Scalable
  • up to 2048 GB (24 x DDR4)
  • 4LFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 1U (rackmount)
  • up to 2 Xeon Scalable
  • up to 2048 GB (24 x DDR4)
  • 8SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 1U (rackmount)
  • up to 2 Xeon Scalable
  • up to 2048 GB (24 x DDR4)
  • 10SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 1U (rackmount)
  • up to 2 Xeon Scalable
  • up to 2048 GB (24 x DDR4)
  • 10SFF (4x NVME) Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 1U (rackmount)
  • up to 2 Xeon Scalable
  • up to 2048 GB (24 x DDR4)
  • 10SFF (8x NVME) Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 2U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 12LFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 2U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 12LFF + 2SFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 2U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 16LFF + 2SFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 2U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 24SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 2U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 24SFF (4x NVME) Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 2U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 26SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 2U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 26SFF (4x NVME) Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 2U (rackmount)
  • up to 2 Xeon Scalable
  • up to 3072 GB (24 x DDR4)
  • 24SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 2U (rackmount)
  • up to 2 Xeon Scalable
  • up to 3072 GB (24 x DDR4)
  • 12LFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 2U (rackmount)
  • up to 2 Xeon Scalable
  • up to 3072 GB (24 x DDR4)
  • 12LFF + 2SFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Dell
  • 2U (rackmount)
  • up to 2 Xeon Scalable
  • up to 3072 GB (24 x DDR4)
  • 18LFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 1U (rackmount)
  • up to 2 Xeon Scalable
  • up to 3072 GB (24 x DDR4)
  • 8SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 1U (rackmount)
  • up to 2 Xeon Scalable
  • up to 3072 GB (24 x DDR4)
  • 4LFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 1U (rackmount)
  • up to 2 Xeon Scalable
  • up to 3072 GB (24 x DDR4)
  • 8SFF + 2NVMe Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 1U (rackmount)
  • up to 2 Xeon Scalable
  • up to 3072 GB (24 x DDR4)
  • 10NVMe Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 1U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 8SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 1U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 4LFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 1U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 10SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 2U (rackmount)
  • up to 2 Xeon Scalable
  • up to 6144 GB (24 x DDR4)
  • 8SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 2U (rackmount)
  • up to 2 Xeon Scalable
  • up to 6144 GB (24 x DDR4)
  • 16SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 2U (rackmount)
  • up to 2 Xeon Scalable
  • up to 6144 GB (24 x DDR4)
  • 18SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 2U (rackmount)
  • up to 2 Xeon Scalable
  • up to 6144 GB (24 x DDR4)
  • 16SFF + 2NVMe Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 2U (rackmount)
  • up to 2 Xeon Scalable
  • up to 6144 GB (24 x DDR4)
  • 24SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 2U (rackmount)
  • up to 2 Xeon Scalable
  • up to 6144 GB (24 x DDR4)
  • 8LFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 2U (rackmount)
  • up to 2 Xeon Scalable
  • up to 6144 GB (24 x DDR4)
  • 12LFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 2U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 8SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 2U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 16SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 2U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 24SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 2U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 12LFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 2U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 3072 GB (24 x DDR4)
  • 12LFF + 2SFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
HPE
  • 2U (rackmount)
  • up to 2 Xeon E5-2600v3/v4
  • up to 768 GB (24 x DDR4)
  • 15LFF Bay 3.5" (Hot Swap)
  • 2 x PSU (Hot Plug)