Last active
June 7, 2017 07:23
-
-
Save dgersting/9369796181c555b576f4 to your computer and use it in GitHub Desktop.
SSL cheatsheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
OpenSSL modules: | |
- genrsa | |
Generate an RSA private key | |
https://www.openssl.org/docs/apps/genrsa.html | |
- req | |
PKCS#10 certificate request and certificate generating utility. | |
https://www.openssl.org/docs/apps/req.html | |
- x509 | |
Certificate display and signing utility | |
https://www.openssl.org/docs/apps/x509.html | |
----------------------------------------- | |
# Generate both key & signing request at once | |
openssl req -newkey rsa:2048 [-nodes] -keyout key.pem -out csr.pem | |
# Generate RSA key | |
openssl genrsa [-aes128|-aes256|-des3] -out FILE.key KEY_SIZE | |
# Remove passphrase from key | |
openssl rsa -in key.pem -out key.pem | |
# Create csr | |
openssl req -new -key FILE.key -out FILE.csr | |
# Create self-signed crt | |
openssl req -x509 -new -days DAYS -key FILE.key -out FILE.crt | |
# Sign a csr | |
openssl x509 -req -days DAYS -in FILE.csr -CA CA.crt -CAkey CA.key [-CAcreateserial] -out SITE.crt | |
-or- | |
openssl x509 -req -days DAYS -CA CA_CERT -in FILE.csr -out FILE.crt | |
CA_CERT = combined key & crt for ca (`cat ca.key ca.crt > ca.cert`) | |
----------------------------------------- | |
# View cert signing request | |
openssl req -noout -text -in FILE.csr | |
# View cert | |
openssl x509 -noout -text -in FILE.crt | |
# View cert purpose | |
openssl x509 -purpose -in FILE.crt | |
# View cert revocation list | |
openssl crl -noout -text -in FILE.crl | |
----------------------------------------- | |
Chained certificate file ordering: Local -> Global |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment