We can download all of the certificates in a chain from a specified host (this outputs the certificates in PEM format):
openssl s_client -showcerts -connect domain.com:443
We can also verify a certificate chain as follows:
openssl verify -CAfile RootCert.pem -untrusted Intermediate.pem UserCert.pem
We can check a certificae with:
openssl x509 -in cert.pem -text -noout
Convert a DER file (.crt .cer .der) to PEM:
openssl x509 -inform der -in certificate.cer -out certificate.pem
Convert a PEM file to DER:
openssl x509 -outform der -in certificate.pem -out certificate.der
Create a private key and CSR for signing by a CA:
openssl req -new -newkey rsa:2048 -nodes -keyout your domain name.key -out your domain name.csr
No comments:
Post a Comment