OpenSSL Commands Cheat Sheet: The Most Useful Commands
Here’s a list of the most useful OpenSSL commands
When it comes to SSL/TLS certificates and their implementation, there is no tool as useful as OpenSSL. Being an open-source tool, OpenSSL is available for Windows, Linux, macOS, Solaris, QNX and most of major operating systems.
With its core library written in C programming language, OpenSSL commands can be used to perform hundreds of functions ranging from the CSR generation to converting certificate formats. But for someone who just wants to install an SSL certificate, only a handful of commands are really necessary.
That’s why we’ve come up with the most commonly used OpenSSL commands along with their applications. Have a look:
OpenSSL Command to Generate Private Key
openssl genrsa -out yourdomain.key 2048
OpenSSL Command to Check your Private Key
openssl rsa -in privateKey.key -check
OpenSSL Command to Generate CSR
If you have generated Private Key:
openssl req -new -key yourdomain.key -out yourdomain.csr
Once you execute this command, you’ll be asked additional details. Enter them as below:
- Country Name: 2-digit country code where your organization is legally located.
- State/Province: Write the full name of the state where your organization is legally located.
- City: Write the full name of the city where your organization is legally located.
- Organization Name: Write the legal name of your organization.
- Organization Unit: Name of the department (Not Compulsory. Press Enter to skip)
- Common Name: Your Fully Qualified Domain Name (e.g., www.yourdomainname.com.)
- Email: The email ID through which certification will take place (Not Compulsory. Press Enter to skip)
If you haven’t generated your Private Key yet:
This command will generate CSR and private key in a single shot.
openssl req -new \ -newkey rsa:2048 -nodes -keyout yourdomain.key \ -out yourdomain.csr \ -subj "/C=US/ST=Florida/L=Saint Petersburg/O=Your Company, Inc./OU=IT/CN=yourdomain.com"
- Country Name: 2-digit country code where your organization is legally located.
- State/Province: Write the full name of the state where your organization is legally located.
- City: Write the full name of the city where your organization is legally located.
- Organization Name: Write the legal name of your organization.
- Organization Unit: Name of the department
- Common Name: Your Fully Qualified Domain Name
OpenSSL Command to Check CSR
openssl req -text -noout -verify -in CSR.csr
OpenSSL Commands to Convert Certificate and Key Files
OpenSSL commands to convert PEM file:
Convert PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
Convert PEM to P7B
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cert
Convert PEM to PFX
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
OpenSSL commands to convert DER file
Convert DER to PEM
To convert certificate file:
openssl x509 -inform DER -in yourdomain.der -outform PEM -out yourdomain.crt
To convert private key file:
openssl rsa -inform DER -in yourdomain_key.der -outform PEM -out yourdomain.key
OpenSSL commands to convert P7B file
Convert P7B to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
Convert P7B to PFX
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer
OpenSSL commands to convert PKCS#12 (.pfx) file
Convert PFX to PEM
To convert certificate file:
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
To convert private key file:
openssl pkcs12 -in yourdomain.pfx -nocerts -out yourdomain.key -nodes
OpenSSL Command to Check a certificate
openssl x509 -in certificate.crt -text -noout
OpenSSL Command to Check a PKCS#12 file (.pfx file)
openssl pkcs12 -info -in keyStore.p12
Did we miss out on any? Please let us know in the comment section below.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownA Call To Let’s Encrypt: Stop Issuing “PayPal” Certificates
in Industry Lowdown