Difference between revisions of "OpenSSL"

From wikieduonline
Jump to navigation Jump to search
Line 25: Line 25:
 
== Activities ==
 
== Activities ==
 
* Generate a [[random]] number: <code>[[openssl rand]] -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref>
 
* Generate a [[random]] number: <code>[[openssl rand]] -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref>
* Save remote [[SSL]] cert as a file: <code>openssl s_client -showcerts -connect gnupg.org:443</code><ref>https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file</ref>
+
* Save remote [[SSL]] cert as a file:
 +
** <code>openssl s_client -showcerts -connect YOUR_DOMAIN.COM:443</code><ref>https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file</ref>
 +
** <code>openssl s_client -showcerts -connect YOUR_DOMAIN.COM<:443</code> </dev/null 2>/dev/null | [[openssl x509]] -outform PEM > mycertfile.pem
 +
 
 
* [[Encrypt and decrypt files]] using <code>[[openssl enc]]</code>
 
* [[Encrypt and decrypt files]] using <code>[[openssl enc]]</code>
  

Revision as of 06:32, 6 October 2020

OpenSSL (1988) is an open source implementation of the TSL cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer (SSL) protocol.

CSR Examples

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private.key -out public.pem
Output a self-signed certificate instead of a certificate request
-nodes (short for no DES) do not encrypt private key
-x509 Output a self-signed certificate instead of a certificate request


  • Read certificate (CRT)
openssl x509 -text -noout -in root.crt
openssl req -text -noout -in root.csr


Public keys

openssl rsa -in mykey.pem -pubout > mykey.pub

Activities

  • Generate a random number: openssl rand -base64 32[1]
  • Save remote SSL cert as a file:
    • openssl s_client -showcerts -connect YOUR_DOMAIN.COM:443[2]
    • openssl s_client -showcerts -connect YOUR_DOMAIN.COM<:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > mycertfile.pem

Related terms

Vulnerabilities

See also

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.

Source: https://en.wikiversity.org/wiki/OpenSSL

Advertising: