« Openssl cheatsheet » : différence entre les versions
Aller à la navigation
Aller à la recherche
(Page créée avec « =Conversion= ==PEM to DER== <pre>openssl x509 -outform der -in certificate.pem -out certificate.der</pre> ==PEM to PKCS#7/P7B== <pre>openssl crl2pkcs7 -nocrl -certfile c... ») |
|||
(8 versions intermédiaires par le même utilisateur non affichées) | |||
Ligne 1 : | Ligne 1 : | ||
[[category:security]] | |||
=Conversion= | =Conversion= | ||
Ligne 15 : | Ligne 17 : | ||
==Convert P7B to PEM== | ==Convert P7B to PEM== | ||
<pre>openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem</pre> | <pre>openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem</pre> | ||
=Validity / Information on a key= | |||
* Private key : | |||
<pre>openssl rsa -noout -text -in <key file></pre> | |||
* Signing request : | |||
<pre>openssl req -noout -text -in <csr file></pre> | |||
* Public key : | |||
<pre>openssl x509 -noout -text -in <crt/pem file></pre> | |||
* Check if public and private key matches : | |||
<pre> | |||
openssl x509 -noout -modulus -in server.pem | openssl md5 ;\ | |||
openssl rsa -noout -modulus -in server.key | openssl md5 | |||
</pre> | |||
=fingerprints= | |||
* SHA-1 | |||
<pre>openssl x509 -noout -fingerprint -sha1 -inform pem -in <crt/pem file></pre> | |||
* SHA-256 | |||
<pre>openssl x509 -noout -fingerprint -sha256 -inform pem -in <crt/pem file></pre> |
Dernière version du 21 juillet 2022 à 12:47
Conversion
PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
PEM to PKCS#7/P7B
openssl crl2pkcs7 -nocrl -certfile certificate.pem -out certificate.p7b
PEM to PKCS#12/PFX
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
DER to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
Convert P7B to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem
Validity / Information on a key
- Private key :
openssl rsa -noout -text -in <key file>
- Signing request :
openssl req -noout -text -in <csr file>
- Public key :
openssl x509 -noout -text -in <crt/pem file>
- Check if public and private key matches :
openssl x509 -noout -modulus -in server.pem | openssl md5 ;\ openssl rsa -noout -modulus -in server.key | openssl md5
fingerprints
- SHA-1
openssl x509 -noout -fingerprint -sha1 -inform pem -in <crt/pem file>
- SHA-256
openssl x509 -noout -fingerprint -sha256 -inform pem -in <crt/pem file>