March 24, 2019

Useful Commands - OpenSSL

openSSL is a very handy tool from the command line. Managing multiple sites and domains I almost use it everyday to do crypto relating things to websites - checking validity, preparing new CSRs, converting certificates to different formats for different operating systems. Here are some of those that I’ve used along the way

Read .cer in plain text

openssl x509 -in certificate.cer -text -noout

convert from pkcs12 (windows format, with private key and cert) to pem (-nocerts for only priv key or -nokeys for only certs)

openssl pkcs12 -in keystore.pfx -out keystore.pem -nodes

Read pfx cert

openssl pkcs12 -info -in cert.pfx

Read website SSL cert

openssl s_client -showcerts -servername -connect

using -servername for SNI

Get website SSL expiry

openssl s_client -showcerts -connect | openssl x509 -noout -dates

Convert privkey and cert to pfx (going from linux to windows)

openssl pkcs12 -export -out cert.pfx -inkey privkey.key -in cert.crt -certfile CAcert.cert -name "Friendly_name"

-name will add the Friendly name that shows up in windows certificate manager and IIS

Testing mail servers are using ssl

openssl s_client -connect -starttls smtp

verify csr

openssl req -in mycsr.csr -noout -text