Skip to main content

Macam2 cerita pasal OPENSSL

USEFUL OPENSSL ONE-LINERS
As a follow up for the certificate authority posting, here are some (hopefully) useful openssl one-liners:

# creating a key
openssl genrsa -aes256 -out user.key 4096

# creating a certificate signing request
openssl req -sha256 -new -key user.key -out user.csr
# signing the certificate signing request with a certificate authority
openssl ca -config ca.config -out user.crt -infiles user.csr
# creating a self sigend certificate
openssl req -sha256 -new -x509 -key user.key -out user.crt
# verify if the ca.crt has really signed user.crt
openssl verify -CAfile ca.crt user.crt
# decrypting the key
openssl rsa -in user.key -out user.key.decrypted
# creating a pkcs#7 format certificate in DER format
openssl crl2pkcs7 -nocrl -certfile user.crt -certfile ca.crt -outform DER -out user.p7c
# creating a pkcs#12 format certificate (IIS)
openssl pkcs12 -export -in user.crt -inkey user.key -out server.pkcs12

# checking the data of a key
openssl rsa -noout -text -in user.key
# checking the data of the certificate request
openssl req -text -noout -in user.csr
# checking the data of a certificate
openssl x509 -noout -text -in user.crt
# checking the data of a pcks#7 certificate
openssl pkcs7 -inform DER -text -print_certs -in user.p7c
# checking the data of a pkcs#12 certificate
openssl pkcs12 -noout -info -in user.pkcs12

# showing the MD5 fingerprint of a certificate
openssl x509 -noout -fingerprint -in user.crt
# showing the SHA1 fingerprint of a certificate
openssl x509 -noout -fingerprint -sha1 -in user.crt
# converting a key from PEM to DER format
openssl rsa -inform PEM -outform DER -in user.key.decrypted -out user.der
# converting a certificate from PEM to DER format
openssl x509 -inform PEM -outform DER -in user.crt -out user.der
# check, if the certificate installation was successful
openssl s_client -connect FQDN:443 -CAfile /usr/local/lib/openssl/certs/ca-bundle.crt | openssl x509 -text | less

# provide an ssl server to test against
openssl s_server -accept 9000 -cert user.crt -key user.key
# verify a s/mime signature
openssl smime -CAfile /usr/local/lib/openssl/certs/ca-bundle.crt -verify -in messagefile >/dev/null

# extract the s/mime Certificate to something usable :-)
openssl smime -pk7out -in messagefile | openssl pkcs7 -print_certs

# show subject, startdate, enddate (validy-time / expire-date)
openssl x509 -noout -subject -startdate -enddate -in user.crt

Credit to: https://hexeract.wordpress.com/2009/04/17/useful-openssl-one-liners/

Comments

Popular posts from this blog

AI Tools 12 For Marketing

 AI Tools 12 For Marketing

Visual Studio 2022 & IIS 10 dalam Localhost dev. dengan error ERR_HTTP2_PROTOCOL_ERROR

 Salam geng. Pening seharian aku, selepas hari semalam aku update semua NuGet Packages dalam VS, tiba2 buka project dan run F5 dalam debug mode keluar error ERR_HTTP2_PROTOCOL_ERROR. Ah sudah naya pak karim. Apa dah jadi selepas update VS NuGet? Puas mencari solution untuk fix masalah tu. Aku tenung2, aku rasa VS aku tak ada masalah sebab aku boleh Build/Rebuild Solution aku without error. Aku mula syak IIS10 aku kaput. Tapi aku test dengan cara yang paling simple. Aku create satu subdirectory dan letak satu fail default.asp. File simple asp classic je. Try cuba run page tu. Masih lagi keluar ERR_HTTP2_PROTOCOL_ERROR. So aku rasa betullah IIS aku kaput. So aku mula nak baiki IIS. Terpikir aku dulu2 aku pernah repair dengan cara run ".../aspnetreg.exe -i". Tapi untuk kes ni, aplikasi tu tak mau jalan sebab aku pakai framework .NET 4.8. Kes aspnetreg tu hanya untu FW 2.0 atau 3.5 aje. Aku rehat sekejap, bertenang minum air masak. Semasa solat aku berdoa kat Allah supaya ber...

AI Tools 10

 AI Tools 10