« Openssl cheatsheet » : différence entre les versions

De Linux Server Wiki
Aller à la navigation Aller à la recherche
(Page créée avec « =Conversion= ==PEM to DER== <pre>openssl x509 -outform der -in certificate.pem -out certificate.der</pre> ==PEM to PKCS#7/P7B== <pre>openssl crl2pkcs7 -nocrl -certfile c... »)
 
 
(8 versions intermédiaires par le même utilisateur non affichées)
Ligne 1 : Ligne 1 :
[[category:security]]
=Conversion=
=Conversion=


Ligne 15 : Ligne 17 :
==Convert P7B to PEM==
==Convert P7B to PEM==
<pre>openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem</pre>
<pre>openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem</pre>
=Validity / Information on a key=
* Private key :
<pre>openssl rsa -noout -text -in <key file></pre>
* Signing request :
<pre>openssl req -noout -text -in <csr file></pre>
* Public key :
<pre>openssl x509 -noout -text -in <crt/pem file></pre>
* Check if public and private key matches :
<pre>
openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5
</pre>
=fingerprints=
* SHA-1
<pre>openssl x509 -noout -fingerprint -sha1 -inform pem -in <crt/pem file></pre>
* SHA-256
<pre>openssl x509 -noout -fingerprint -sha256 -inform pem -in <crt/pem file></pre>

Dernière version du 21 juillet 2022 à 12:47


Conversion

PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

PEM to PKCS#7/P7B

openssl crl2pkcs7 -nocrl -certfile certificate.pem -out certificate.p7b

PEM to PKCS#12/PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

DER to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert P7B to PEM

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem

Validity / Information on a key

  • Private key :
openssl rsa -noout -text -in <key file>
  • Signing request :
openssl req -noout -text -in <csr file>
  • Public key :
openssl x509 -noout -text -in <crt/pem file>
  • Check if public and private key matches :
openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5

fingerprints

  • SHA-1
openssl x509 -noout -fingerprint -sha1 -inform pem -in <crt/pem file>
  • SHA-256
openssl x509 -noout -fingerprint -sha256 -inform pem -in <crt/pem file>