Generate encrypted password (md5)
openssl passwd -1 'notsosecret'
Generate encrypted password (crypt)
openssl passwd -crypt 'notsosecret'
Generate Self-Signed Certificate plus private key(for example: to use with apache2)
openssl req -new -x509 -days 365 -nodes -out ./cert.pem -keyout ./private.pem
Generate Private Key
openssl genrsa -out ./private.pem 2048
Generate Certificate Signing Request
openssl req -new -days 365 -key ./private.pem -out request.csr
Generate Diffie-Hellman-Parameters
openssl dhparam 1024 >> dh1024.pem
Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
openssl pkcs12 -export -out cert.pfx -inkey private.key -in cert.crt -certfile ca.crt
Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
openssl pkcs12 -in keystore.pfx -out cert.pem -nodes
Convert a DER-File to PEM
openssl x509 -inform der -in cert.cer -out cert.pem
Convert a PEM to DER
openssl x509 -outform der -in cert.pem -out cert.der
connect to a https SERVICE
openssl s_client -connect host:443 -state -debug
GET / HTTP/1.0
Generate random numbers
echo $(openssl rand 4 | od -DAn)
Generate random strings
openssl rand -base64 6
Verify an online certificate from the cli
openssl s_client -connect google.com:443
check the dates of a certificate
openssl s_client -connect google.com:443|openssl x509 -dates -noout
extract info from a cert
openssl x509 -text -in cert.pem
who issued the cert?
openssl x509 -noout -in cert.pem -issuer
to whom was it issued?
openssl x509 -noout -in cert.pem -subject
for what dates is it valid?
openssl x509 -noout -in cert.pem -dates
what is its MD5 fingerprint?
openssl x509 -noout -in cert.pem -fingerprint
Generate a md5 hash
echo -n "your text to be ashed" |openssl md5
Benchmarking with OpenSSL
openssl speed
Benchmarking remote connections
openssl s_time -connect remote.host:443