OpenSSL
Get certificate key and trust certificate from a pfx file
This gets the private key with passphrase
openssl pkcs12 -in certificate.pfx -nocerts -out privatekey.pem
This gets the trust certificate
openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out trustcertificate.pem
This gets the CA certificate
openssl pkcs12 -in certificate.pfx -cacerts -nokeys -out ca-certificate.pem
Remove passphrase from private key (key.pem is then stored unencrypted, so restrict its file permissions)
openssl rsa -in privatekey.pem -out key.pem
Check certificate with OpenSSL
Check a Certificate Signing Request (CSR)
openssl req -text -noout -verify -in CSR.csr
Check a private key
openssl rsa -in privateKey.key -check
Check a certificate
openssl x509 -in certificate.crt -text -noout
Check a PKCS#12 file (.pfx or .p12)
openssl pkcs12 -info -in keyStore.p12
Create self-signed certificate
openssl genpkey -out server.key -algorithm RSA -pkeyopt rsa_keygen_bits:4096 # Create key
openssl req -new -key server.key -out server.csr # Create CSR
openssl req -text -in server.csr -noout # Check CSR
openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt # Create certificate that lasts 2 years
Check if private key and certificate match
Get the MD5 of the certificate's modulus:
openssl x509 -noout -modulus -in CERTIFICATE.crt | openssl md5
Get the MD5 of the CSR's modulus:
openssl req -noout -modulus -in CSR.csr | openssl md5
Get the MD5 of the private key's modulus:
openssl rsa -noout -modulus -in PRIVATEKEY.key | openssl md5
If all three commands print the same MD5, the key, CSR and certificate belong together. The comparison hashes the RSA modulus, so it only applies to RSA keys.
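The same match check as an added example (not part of the original page): it hashes the whole public key with SHA-256 instead of the RSA modulus with MD5, so it also works for EC keys. The function names pubkey_fp and check_match are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: verify that a private key, a CSR and a certificate
# all carry the same public key. Function names are hypothetical.

# pubkey_fp KIND FILE
# KIND is key, csr or cert. Prints the SHA-256 of the DER-encoded
# public key (SubjectPublicKeyInfo) found in FILE.
pubkey_fp() {
    local kind="$1" file="$2" pem
    case "$kind" in
        key)  pem=$(openssl pkey -in "$file" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$file" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$file" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    # Re-encode as DER so PEM line wrapping cannot change the hash.
    printf '%s\n' "$pem" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r \
        | awk '{print $1}'
}

# check_match KEY CSR CERT
# Returns 0 if all three share one public key, 1 on a mismatch,
# 2 if one of the files cannot be parsed.
check_match() {
    local k s c
    k=$(pubkey_fp key  "$1") || { echo "cannot read key: $1"  >&2; return 2; }
    s=$(pubkey_fp csr  "$2") || { echo "cannot read CSR: $2"  >&2; return 2; }
    c=$(pubkey_fp cert "$3") || { echo "cannot read cert: $3" >&2; return 2; }
    printf 'key  %s\ncsr  %s\ncert %s\n' "$k" "$s" "$c"
    [ "$k" = "$s" ] && [ "$k" = "$c" ]
}

# Usage: ./check_match.sh PRIVATEKEY.key CSR.csr CERTIFICATE.crt
if [ "$#" -eq 3 ]; then
    check_match "$1" "$2" "$3"
fi
```

A passphrase-protected private key makes openssl prompt for the passphrase before the fingerprint is computed.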
Get the expiration date of certificate file
openssl x509 -enddate -noout -in file.pem
Get the expiration date of certificate over the Internet
echo -n Q | openssl s_client -servername "${DOMAIN}" -connect "${DOMAIN}:${PORT}" | openssl x509 -noout -dates
Example:
echo -n Q | openssl s_client -servername runur.rocks -connect runur.rocks:443 | openssl x509 -noout -dates