OpenSSL Commands Cheat Sheet: The Most Useful Commands

Here’s a list of the most useful OpenSSL commands

When it comes to SSL/TLS certificates and their implementation, there is no tool as useful as OpenSSL. Being an open-source tool, OpenSSL is available for Windows, Linux, macOS, Solaris, QNX and most other major operating systems.

With its core library written in the C programming language, OpenSSL commands can be used to perform hundreds of functions, ranging from CSR generation to converting certificate formats. But for someone who just wants to install an SSL certificate, only a handful of commands are really necessary.

That’s why we’ve come up with the most commonly used OpenSSL commands along with their applications. Have a look:

OpenSSL Command to Generate Private Key

openssl genrsa -out yourdomain.key 2048

OpenSSL Command to Check your Private Key

openssl rsa -in privateKey.key -check

OpenSSL Command to Generate CSR

If you have already generated a private key:

openssl req -new -key yourdomain.key -out yourdomain.csr

Once you execute this command, you’ll be asked for additional details. Enter them as below:

  • Country Name: 2-digit country code where your organization is legally located.
  • State/Province: Write the full name of the state where your organization is legally located.
  • City: Write the full name of the city where your organization is legally located.
  • Organization Name: Write the legal name of your organization.
  • Organization Unit: Name of the department (optional; press Enter to skip)
  • Common Name: Your Fully Qualified Domain Name (e.g., www.yourdomainname.com)
  • Email: The email ID through which certification will take place (optional; press Enter to skip)

If you haven’t generated your private key yet:

This command generates the CSR and the private key in a single shot.

openssl req -new \
-newkey rsa:2048 -nodes -keyout yourdomain.key \
-out yourdomain.csr \
-subj "/C=US/ST=Florida/L=Saint Petersburg/O=Your Company, Inc./OU=IT/CN=yourdomain.com"

The -subj fields are:

  • Country Name: 2-digit country code where your organization is legally located.
  • State/Province: Write the full name of the state where your organization is legally located.
  • City: Write the full name of the city where your organization is legally located.
  • Organization Name: Write the legal name of your organization.
  • Organization Unit: Name of the department
  • Common Name: Your Fully Qualified Domain Name

OpenSSL Command to Check CSR

openssl req -text -noout -verify -in CSR.csr
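
Before submitting a CSR, it is worth confirming that it was generated from the private key you intend to install alongside the certificate. The script below is an added example, not part of the original article: it compares the public key derived from a key file with the one embedded in a CSR. The function names, the temporary directory and other.key are constructed for the demo, and it uses openssl pkey, a subcommand not listed on this page.

```shell
#!/bin/sh
# Added example: check that a CSR carries the public key of a given private key.
# All files are freshly generated samples in a temporary directory.

# Public key (PEM) derived from a private key file.
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Public key (PEM) embedded in a CSR.
csr_pub() { openssl req -in "$1" -noout -pubkey 2>/dev/null; }

# Return 0 if the CSR carries the public key of the private key,
# 1 if it does not, 2 if either file cannot be read or parsed.
csr_matches_key() {
    k=$(key_pub "$1") || return 2
    c=$(csr_pub "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Key and CSR in one shot, as in the command shown earlier on this page.
openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$workdir/yourdomain.key" -out "$workdir/yourdomain.csr" \
    -subj "/C=US/ST=Florida/L=Saint Petersburg/O=Your Company, Inc./OU=IT/CN=yourdomain.com" \
    2>/dev/null

# An unrelated key, to show the mismatch case.
openssl genrsa -out "$workdir/other.key" 2048 2>/dev/null

if csr_matches_key "$workdir/yourdomain.key" "$workdir/yourdomain.csr"; then
    echo "yourdomain.key matches yourdomain.csr"
fi
if ! csr_matches_key "$workdir/other.key" "$workdir/yourdomain.csr"; then
    echo "other.key does NOT match yourdomain.csr"
fi
```

The comparison only tells you the two files belong together; openssl req -verify, shown above, is still what checks the CSR's self-signature.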

OpenSSL Commands to Convert Certificate and Key Files

OpenSSL commands to convert PEM file:

Convert PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert PEM to P7B

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cert

Convert PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

OpenSSL commands to convert DER file

Convert DER to PEM

To convert certificate file:

openssl x509 -inform DER -in yourdomain.der -outform PEM -out yourdomain.crt

To convert private key file:

openssl rsa -inform DER -in yourdomain_key.der -outform PEM -out yourdomain.key

OpenSSL commands to convert P7B file

Convert P7B to PEM

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

Convert P7B to PFX

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

OpenSSL commands to convert PKCS#12 (.pfx) file

Convert PFX to PEM

To convert certificate file (-nokeys keeps the private key out of the output):

openssl pkcs12 -in certificate.pfx -nokeys -out certificate.cer

To convert private key file (-nodes writes the key to disk unencrypted):

openssl pkcs12 -in yourdomain.pfx -nocerts -out yourdomain.key -nodes

OpenSSL Command to Check a certificate

openssl x509 -in certificate.crt -text -noout

OpenSSL Command to Check a PKCS#12 file (.pfx file)

openssl pkcs12 -info -in keyStore.p12

Did we miss out on any? Please let us know in the comment section below.

Author

Jay Thakkar

After graduating from university with an engineering degree, Jay found his true passion as a writer…specifically, a cybersecurity writer. He’s now a Hashed Out staff writer covering encryption, privacy, cybersecurity best practices, and related topics.