Tuesday 31 March 2015

Working with SSL Certificates using openssl

We can download all of the certificates in a chain from a specified host (this outputs the certificates in PEM format):
openssl s_client -showcerts -connect domain.com:443

We can also verify a certificate chain as follows:
openssl verify -CAfile RootCert.pem -untrusted Intermediate.pem UserCert.pem

We can check a certificae with:
openssl x509 -in cert.pem -text -noout

Convert a DER file (.crt .cer .der) to PEM:
openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEM file to DER:
openssl x509 -outform der -in certificate.pem -out certificate.der

Create a private key and CSR for signing by a CA:
openssl req -new -newkey rsa:2048 -nodes -keyout your domain name.key -out your domain name.csr


Post a Comment