« Openssl cheatsheet » : différence entre les versions
Aller à la navigation
Aller à la recherche
m (→Validity) |
|||
(6 versions intermédiaires par le même utilisateur non affichées) | |||
Ligne 1 : | Ligne 1 : | ||
[[category:security]] | |||
=Conversion= | =Conversion= | ||
Ligne 16 : | Ligne 18 : | ||
<pre>openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem</pre> | <pre>openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem</pre> | ||
=Validity= | =Validity / Information on a key= | ||
* | * Private key : | ||
<pre>openssl rsa -noout -text -in <key file></pre> | <pre>openssl rsa -noout -text -in <key file></pre> | ||
* | * Signing request : | ||
<pre>openssl req -noout -text in <csr file></pre> | <pre>openssl req -noout -text -in <csr file></pre> | ||
* | * Public key : | ||
<pre>openssl x509 -noout -text -in <crt/pem file></pre> | <pre>openssl x509 -noout -text -in <crt/pem file></pre> | ||
* Check if public and private key matches : | |||
<pre> | |||
openssl x509 -noout -modulus -in server.pem | openssl md5 ;\ | |||
openssl rsa -noout -modulus -in server.key | openssl md5 | |||
</pre> | |||
=fingerprints= | |||
* SHA-1 | |||
<pre>openssl x509 -noout -fingerprint -sha1 -inform pem -in <crt/pem file></pre> | |||
* SHA-256 | |||
<pre>openssl x509 -noout -fingerprint -sha256 -inform pem -in <crt/pem file></pre> |
Dernière version du 21 juillet 2022 à 12:47
Conversion
PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
PEM to PKCS#7/P7B
openssl crl2pkcs7 -nocrl -certfile certificate.pem -out certificate.p7b
PEM to PKCS#12/PFX
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
DER to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
Convert P7B to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem
Validity / Information on a key
- Private key :
openssl rsa -noout -text -in <key file>
- Signing request :
openssl req -noout -text -in <csr file>
- Public key :
openssl x509 -noout -text -in <crt/pem file>
- Check if public and private key matches :
openssl x509 -noout -modulus -in server.pem | openssl md5 ;\ openssl rsa -noout -modulus -in server.key | openssl md5
fingerprints
- SHA-1
openssl x509 -noout -fingerprint -sha1 -inform pem -in <crt/pem file>
- SHA-256
openssl x509 -noout -fingerprint -sha256 -inform pem -in <crt/pem file>