Difference between revisions of "OpenSSL"
Jump to navigation
Jump to search
Tags: Mobile web edit, Mobile edit |
|||
(28 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
[[Wikipedia:OpenSSL|OpenSSL]] (1988) is an open source implementation of the [[wikipedia:Transport Layer Security|TSL]] cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer ([[SSL]]) protocol. | [[Wikipedia:OpenSSL|OpenSSL]] (1988) is an open source implementation of the [[wikipedia:Transport Layer Security|TSL]] cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer ([[SSL]]) protocol. | ||
+ | |||
+ | * <code>[[yum install openssl]]</code> | ||
+ | * [[rpmfind.net]]: https://rpmfind.net/linux/rpm2html/search.php?query=openssl | ||
== CSR Examples == | == CSR Examples == | ||
− | * '''Generate a new self signed | + | * '''Generate a new '''self signed certificate''' instead of a [[Certificate Signing Request (CSR)]] ''' |
− | : <code>openssl req -[[x509]] -nodes -days 3650 -newkey [[rsa]]:2048 -keyout private.key -out public.pem</code> | + | : <code>openssl req -[[x509]] -nodes -days 3650 -newkey [[rsa]]:2048 -keyout private.key -out public.[[pem]]</code> |
::Output a self-signed certificate instead of a certificate request | ::Output a self-signed certificate instead of a certificate request | ||
:::<code>-nodes</code> (short for no DES) do not encrypt private key | :::<code>-nodes</code> (short for no DES) do not encrypt private key | ||
:::<code>-x509</code> Output a self-signed certificate instead of a certificate request | :::<code>-x509</code> Output a self-signed certificate instead of a certificate request | ||
− | * | + | * Generate a multi domain self signed certificate, read https://serverfault.com/questions/73689/how-to-create-a-multi-domain-self-signed-certificate-for-apache2 |
− | : | ||
Line 16: | Line 18: | ||
:<code>openssl [[x509]] -text -noout -in root.crt</code> | :<code>openssl [[x509]] -text -noout -in root.crt</code> | ||
− | + | * Read [[CSR]] | |
− | + | :<code>openssl req -text -noout -in root.csr</code> | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | * [[ | + | == Public keys == |
− | :<code>openssl | + | * Generate a [[public key]] from a [[PEM]] private key |
+ | :<code>openssl [[rsa]] -in mykey.pem -pubout > mykey.pub</code> | ||
== Activities == | == Activities == | ||
− | * Generate a [[random]] number: <code>openssl rand -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref> | + | * Generate a [[random]] number: <code>[[openssl rand]] -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref> |
− | * <code>openssl s_client -showcerts -connect | + | * Save remote [[SSL]] cert as a file: |
− | * | + | ** <code>[[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443</code><ref>https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file</ref> |
+ | ** <code>openssl s_client -showcerts -connect YOUR_DOMAIN.COM<:443 </dev/null 2>/dev/null | [[openssl x509]] -outform PEM > mycertfile.pem </code> | ||
+ | * [[Encrypt and decrypt files]] using <code>[[openssl enc]]</code> | ||
− | == Related | + | == Related terms == |
* <code>[[ansible-vault]] encrypt|decrypt|view</code> | * <code>[[ansible-vault]] encrypt|decrypt|view</code> | ||
+ | * <code>[[ssh-keygen]]</code> | ||
+ | * [[Cypher]] | ||
+ | * [[Hash]] | ||
+ | * <code>[[openssl (command)]]</code> | ||
+ | * [[OpenSSL v3]] | ||
+ | |||
+ | == Vulnerabilities == | ||
+ | |||
+ | |||
+ | == Related == | ||
+ | * <code>[[pycrypto]]</code> python library | ||
== See also == | == See also == | ||
− | * | + | * {{openssl}} |
* {{openSSL}} | * {{openSSL}} | ||
− | * {{OpenSSH}} | + | * {{OpenSSH}} |
− | |||
* {{HTTPS}} | * {{HTTPS}} | ||
− | * | + | * {{Encryption}} |
− | |||
− | |||
* {{secrets}} | * {{secrets}} | ||
* {{RSA}} | * {{RSA}} |
Latest revision as of 10:32, 17 January 2024
OpenSSL (1988) is an open source implementation of the TSL cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer (SSL) protocol.
Contents
CSR Examples[edit]
- Generate a new self signed certificate instead of a Certificate Signing Request (CSR)
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private.key -out public.pem
- Output a self-signed certificate instead of a certificate request
-nodes
(short for no DES) do not encrypt private key-x509
Output a self-signed certificate instead of a certificate request
- Output a self-signed certificate instead of a certificate request
- Generate a multi domain self signed certificate, read https://serverfault.com/questions/73689/how-to-create-a-multi-domain-self-signed-certificate-for-apache2
- Read certificate (CRT)
openssl x509 -text -noout -in root.crt
- Read CSR
openssl req -text -noout -in root.csr
Public keys[edit]
- Generate a public key from a PEM private key
openssl rsa -in mykey.pem -pubout > mykey.pub
Activities[edit]
- Generate a random number:
openssl rand -base64 32
[1] - Save remote SSL cert as a file:
openssl s_client -showcerts -connect YOUR_DOMAIN.COM:443
[2]openssl s_client -showcerts -connect YOUR_DOMAIN.COM<:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > mycertfile.pem
Related terms[edit]
ansible-vault encrypt|decrypt|view
ssh-keygen
- Cypher
- Hash
openssl (command)
- OpenSSL v3
Vulnerabilities[edit]
Related[edit]
pycrypto
python library
See also[edit]
openssl
[rand | s_client | passwd
|openssl req
|openssl rsa
|openssl genrsa
|openssl x509
|openssl ca
|openssl verify
|openssl ec
|openssl dgst
|openssl pkcs12
|openssl asn1parse
|openssl help
|.cer to .pem, openssl version
- OpenSSL: RSA, ECDSA, WolfSSL, AES, Diffie-Hellman (DH) key-exchange,
/etc/ssl/openssl.cnf
, OpenSSL v3 - OpenSSH (changelog):
/etc/ssh/sshd_config
|/etc/ssh/ssh_config
|~/.ssh/
|openSSL | sshd logs
|sftp
|scp
|authorized_keys
|ssh-keygen
|ssh-keyscan
|ssh-add
|ssh-agent
|ssh
|Ssh -O stop
|ssh-copy-id
|CheckHostIP
|UseKeychain
, OpenSSF - HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL,
openSSL
, WebSockets, WebRTC,ssl_certificate
QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers,--insecure
, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1 - Encryption, openssl, ecryptfs, encfs, GPG, PGP, Symantec Encryption Desktop, VeraCrypt, CMEK, BitLocker, OAEP, Cypher
- Secrets: Kubernetes secrets,
ansible-vault
, Hashicorp Vault, AWS Secrets Manager, Google Secret Manager,git-crypt
, SOPS: Secrets OPerationS, Google Cloud Secret Manager, GitHub secret scanning alerts - Public-key cryptography: RSA, DSA, ECDSA, EdDSA (Ed25519), AES, RSA Conference, hash,
pkeyutl
, Signature, key length, Easyrsa, OAEP, Ron Rivest, Adi Shamir, Leonard Adleman - SSL: OpenSSL, LibreSSL, wolfSSL, BoringSSL, SSL pinning,
/etc/ssl/certs/
,ca-certificates
,/etc/ssl/, sslscan2
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.
Advertising: