FUN WITH LINUX

Useful OpenSSL Commands

16 December 2014

Generate encrypted password (md5)

openssl passwd -1 'notsosecret'

Generate encrypted password (crypt)

openssl passwd -crypt 'notsosecret'

Generate Self-Signed Certificate plus private key(for example: to use with apache2)

openssl req -new -x509 -days 365 -nodes -out ./cert.pem -keyout ./private.pem

Generate Private Key

openssl genrsa -out ./private.pem 2048

Generate Certificate Signing Request

openssl req -new -days 365 -key ./private.pem -out request.csr

Generate Diffie-Hellman-Parameters

openssl dhparam 1024 >> dh1024.pem

Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

openssl pkcs12 -export -out cert.pfx -inkey private.key -in cert.crt -certfile ca.crt

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keystore.pfx -out cert.pem -nodes

Convert a DER-File to PEM

openssl x509 -inform der -in cert.cer -out cert.pem

Convert a PEM to DER

openssl x509 -outform der -in cert.pem -out cert.der

connect to a https SERVICE

openssl s_client -connect host:443 -state -debug
 GET / HTTP/1.0

Generate random numbers

echo $(openssl rand 4 | od -DAn)

Generate random strings

openssl rand -base64 6

Verify an online certificate from the cli

openssl s_client -connect google.com:443

check the dates of a certificate

openssl s_client -connect google.com:443|openssl x509 -dates -noout

extract info from a cert

openssl x509 -text -in cert.pem

who issued the cert?

openssl x509 -noout -in cert.pem -issuer

to whom was it issued?

openssl x509 -noout -in cert.pem -subject

for what dates is it valid?

openssl x509 -noout -in cert.pem -dates

what is its MD5 fingerprint?

openssl x509 -noout -in cert.pem -fingerprint

Generate a md5 hash

echo -n "your text to be ashed" |openssl md5

Benchmarking with OpenSSL

openssl speed

Benchmarking remote connections

openssl s_time -connect remote.host:443
[ Linux  Sysadmin  One-Liner  openssl  Crypto  ]
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti