Difference between revisions of "OpenSSL"
Jump to navigation
Jump to search
Tags: Mobile web edit, Mobile edit |
|||
Line 25: | Line 25: | ||
== Activities == | == Activities == | ||
* Generate a [[random]] number: <code>[[openssl rand]] -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref> | * Generate a [[random]] number: <code>[[openssl rand]] -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref> | ||
− | * <code>openssl s_client -showcerts -connect gnupg.org:443</code> | + | * Save remote [[SSL]] cert as a file: <code>openssl s_client -showcerts -connect gnupg.org:443</code><ref>https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file</ref> |
* [[Encrypt and decrypt files]] using <code>[[openssl enc]]</code> | * [[Encrypt and decrypt files]] using <code>[[openssl enc]]</code> | ||
Revision as of 06:30, 6 October 2020
OpenSSL (1988) is an open source implementation of the TSL cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer (SSL) protocol.
CSR Examples
- Generate a new self signed certificate instead of a Certificate Signing Request (CSR)
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private.key -out public.pem
- Output a self-signed certificate instead of a certificate request
-nodes
(short for no DES) do not encrypt private key-x509
Output a self-signed certificate instead of a certificate request
- Output a self-signed certificate instead of a certificate request
- Generate a multi domain self signed certificate, read https://serverfault.com/questions/73689/how-to-create-a-multi-domain-self-signed-certificate-for-apache2
- Read certificate (CRT)
openssl x509 -text -noout -in root.crt
- Read CSR
openssl req -text -noout -in root.csr
Public keys
- Generate a public key from a PEM private key
openssl rsa -in mykey.pem -pubout > mykey.pub
Activities
- Generate a random number:
openssl rand -base64 32
[1] - Save remote SSL cert as a file:
openssl s_client -showcerts -connect gnupg.org:443
[2] - Encrypt and decrypt files using
openssl enc
Related terms
ansible-vault encrypt|decrypt|view
ssh-keygen
- Cypher
- Hash
Vulnerabilities
See also
- Installing a web server/Nginx web server
- OpenSSL: RSA, ECDSA, WolfSSL, AES, Diffie-Hellman (DH) key-exchange,
/etc/ssl/openssl.cnf
, OpenSSL v3 - OpenSSH (changelog):
/etc/ssh/sshd_config
|/etc/ssh/ssh_config
|~/.ssh/
|openSSL | sshd logs
|sftp
|scp
|authorized_keys
|ssh-keygen
|ssh-keyscan
|ssh-add
|ssh-agent
|ssh
|Ssh -O stop
|ssh-copy-id
|CheckHostIP
|UseKeychain
, OpenSSF - HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL,
openSSL
, WebSockets, WebRTC,ssl_certificate
QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers,--insecure
, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1 - encfs
- GPG
pbcopy
macOS command- Secrets: Kubernetes secrets,
ansible-vault
, Hashicorp Vault, AWS Secrets Manager, Google Secret Manager,git-crypt
, SOPS: Secrets OPerationS, Google Cloud Secret Manager, GitHub secret scanning alerts - Public-key cryptography: RSA, DSA, ECDSA, EdDSA (Ed25519), AES, RSA Conference, hash,
pkeyutl
, Signature, key length, Easyrsa, OAEP, Ron Rivest, Adi Shamir, Leonard Adleman - SSL: OpenSSL, LibreSSL, wolfSSL, BoringSSL, SSL pinning,
/etc/ssl/certs/
,ca-certificates
,/etc/ssl/, sslscan2
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.
Advertising: