OpenSSL Command Line Quick Reference
Is there anybody in the IT industry who wasn't doing something with openssl in April? I don't use the openssl command-line utility that often, but last week reminded me that it is pretty comprehensive and has some nice features. I thought on this occasion I'd record the most useful ones so that next time I don't have to look them up again!
# Show Certificate Info
$ openssl x509 -text -in server.cert
# Digests of the certificate file as stored on disk
$ openssl md5 server.cert
$ openssl sha1 server.cert

# Confirming openssl build info
$ openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr 8 00:29:11 UTC 2014
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic

# Generate hashed passwords (for example, for Anaconda)
# -1 selects MD5-crypt; a password given as an argument is visible in
# shell history and the process list
$ openssl passwd -1 mysecretword
$1$utlS7bht$VLMQrtHnPU0mkSO/Kpzh/.

# Directory compiled in and used to search for OpenSSL files (--openssldir)
$ openssl version -d
I tend to use commercial SSL certificates or ones from my company's internal CA. However, I found this text file in my home directory, which I'm recording here for next time because it's a very easy quick reference for generating a self-signed certificate:
# Generate new private key
openssl genrsa -aes256 -out my.key 4096

# Generate new certificate request
openssl req -new -key my.key -out my.csr

# Sign certificate
openssl x509 -req -days 3650 -in my.csr -signkey my.key -out my.crt

# Remove the passphrase from the private key (overwrites my.key in place)
openssl rsa -in my.key -out my.key
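
The self-signed procedure above, run non-interactively with a check that the key, request and certificate belong together. This is an added example, not from the original post; `selfsign_check`, `KEY_PASS`, the `example.test` subject, the `my.nopass.key` file name and the `-sha256` digest choice are assumptions.

```shell
# Added example (not from the original post). selfsign_check, KEY_PASS,
# CN=example.test and my.nopass.key are constructed names.
selfsign_check() {
    bits="${1:-4096}"                      # key size; the post uses 4096
    dir="$(mktemp -d)" || return 1
    (
        cd "$dir" || exit 1
        umask 077                          # key files readable by owner only
        # Passphrase comes from the environment, not from argv.
        export KEY_PASS="constructed-passphrase"

        openssl genrsa -aes256 -passout env:KEY_PASS -out my.key "$bits" \
            2>/dev/null || exit 1
        openssl req -new -key my.key -passin env:KEY_PASS \
            -subj "/CN=example.test" -out my.csr || exit 1
        openssl x509 -req -days 3650 -sha256 -in my.csr -signkey my.key \
            -passin env:KEY_PASS -out my.crt 2>/dev/null || exit 1
        # Write the unencrypted key to a separate file instead of overwriting.
        openssl rsa -in my.key -passin env:KEY_PASS -out my.nopass.key \
            2>/dev/null || exit 1

        # All four objects must carry the same RSA modulus.
        k=$(openssl rsa -in my.key -passin env:KEY_PASS -noout -modulus \
            2>/dev/null | openssl sha256)
        n=$(openssl rsa -in my.nopass.key -noout -modulus \
            2>/dev/null | openssl sha256)
        r=$(openssl req -in my.csr -noout -modulus | openssl sha256)
        c=$(openssl x509 -in my.crt -noout -modulus | openssl sha256)
        [ "$k" = "$n" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ] || exit 2

        # Self-signed: issuer and subject are the same name.
        s=$(openssl x509 -in my.crt -noout -subject)
        i=$(openssl x509 -in my.crt -noout -issuer)
        [ "${s#subject}" = "${i#issuer}" ] || exit 3
    ) && rc=0 || rc=$?
    rm -rf "$dir"                          # discard the throwaway key material
    return "$rc"
}
```

Call `selfsign_check` with no argument for the 4096-bit size used above; a return code of 2 means a modulus mismatch and 3 means the issuer differs from the subject.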