Difference between revisions of "OpenSSL"

From wikieduonline
Jump to navigation Jump to search
 
(63 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
[[Wikipedia:OpenSSL|OpenSSL]] (1988) is an open source implementation of the [[wikipedia:Transport Layer Security|TSL]] cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer ([[SSL]]) protocol.
  
 +
* <code>[[yum install openssl]]</code>
 +
* [[rpmfind.net]]: https://rpmfind.net/linux/rpm2html/search.php?query=openssl
  
 +
== CSR Examples ==
  
 +
* '''Generate a new '''self signed certificate''' instead of a [[Certificate Signing Request (CSR)]] '''
 +
: <code>openssl req -[[x509]] -nodes -days 3650 -newkey [[rsa]]:2048 -keyout private.key -out public.[[pem]]</code>
 +
::Output a self-signed certificate instead of a certificate request
 +
:::<code>-nodes</code> (short for no DES) do not encrypt private key
 +
:::<code>-x509</code> Output a self-signed certificate instead of a certificate request
 +
 +
* Generate a multi domain self signed certificate, read https://serverfault.com/questions/73689/how-to-create-a-multi-domain-self-signed-certificate-for-apache2
 +
 +
 +
* Read certificate ([[CRT]])
 +
:<code>openssl [[x509]] -text -noout -in root.crt</code>
 +
 +
* Read [[CSR]]
 +
:<code>openssl req -text -noout -in root.csr</code>
 +
 +
 +
== Public keys ==
 +
* Generate a [[public key]] from a [[PEM]] private key
 +
:<code>openssl [[rsa]] -in mykey.pem -pubout > mykey.pub</code>
  
 
== Activities ==
 
== Activities ==
* Generate a [[random]] number: <code>openssl rand -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref>
+
* Generate a [[random]] number: <code>[[openssl rand]] -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref>
* <code>openssl s_client -showcerts -connect gnupg.org:443</code>
+
* Save remote [[SSL]] cert as a file:
 +
** <code>[[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443</code><ref>https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file</ref>
 +
** <code>openssl s_client -showcerts -connect YOUR_DOMAIN.COM<:443 </dev/null 2>/dev/null | [[openssl x509]] -outform PEM > mycertfile.pem </code>
 +
 
 +
* [[Encrypt and decrypt files]] using <code>[[openssl enc]]</code>
 +
 
 +
== Related terms ==
 +
* <code>[[ansible-vault]] encrypt|decrypt|view</code>
 +
* <code>[[ssh-keygen]]</code>
 +
* [[Cypher]]
 +
* [[Hash]]
 +
* <code>[[openssl (command)]]</code>
 +
* [[OpenSSL v3]]
 +
 
 +
== Vulnerabilities ==
 +
 
 +
 
 +
== Related ==
 +
* <code>[[pycrypto]]</code> python library
  
 
== See also ==
 
== See also ==
* {{OpenSSH}}
+
* {{openssl}}
* <code>[[ansible-vault]]</code>
+
* {{openSSL}}
 +
* {{OpenSSH}}  
 +
* {{HTTPS}}
 +
* {{Encryption}}
 +
* {{secrets}}
 +
* {{RSA}}
 +
* {{SSL}}
  
  
[[Category:Security]]
+
[[Category:IT Security]]
 
[[Category:Cryptography]]
 
[[Category:Cryptography]]
 +
 +
{{CC license}}
 +
Source: https://en.wikiversity.org/wiki/OpenSSL

Latest revision as of 10:32, 17 January 2024

OpenSSL (1988) is an open source implementation of the TSL cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer (SSL) protocol.

CSR Examples[edit]

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private.key -out public.pem
Output a self-signed certificate instead of a certificate request
-nodes (short for no DES) do not encrypt private key
-x509 Output a self-signed certificate instead of a certificate request


  • Read certificate (CRT)
openssl x509 -text -noout -in root.crt
openssl req -text -noout -in root.csr


Public keys[edit]

openssl rsa -in mykey.pem -pubout > mykey.pub

Activities[edit]

Related terms[edit]

Vulnerabilities[edit]

Related[edit]

See also[edit]

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.

Source: https://en.wikiversity.org/wiki/OpenSSL

Advertising: