camscape - for excellent IT solutions itkb.ro - IT knowledge base


Cristian M.
Title: Common OpenSSL commands
Tags: commands, openssl
Desc.: Common OpenSSL commands
Code: KBCR0006 v1.1
Date: 9 February 2014
OpenSSL commands you need on a regular basis:


Read the contents of a CSR (Certificate Signing Request)
 
openssl req -text -noout -verify -in filename.csr
 

Read the contents of a KEY (private key)
 
openssl rsa -in filename.key -check
 

Read the contents of a CRT (certificate)
 
openssl x509 -in filename.crt -text -noout
 

Read the contents of a PKCS#12 file (PFX or P12)
 
openssl pkcs12 -info -in filename.p12


If you get an error about a mismatch between the private key and the certificate, check that the MD5 hash of the certificate's modulus matches that of the CSR or the private key:
 
openssl x509 -noout -modulus -in FILENAME.crt | openssl md5
openssl rsa -noout -modulus -in FILENAME.key | openssl md5
openssl req -noout -modulus -in FILENAME.csr | openssl md5
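
The same check as a reusable script, added here as an example and not part of the original article. It goes beyond the commands above: it compares the whole public key with SHA-256 instead of the RSA modulus with MD5, so it also works for EC keys. The function names pubkey_digest and same_keypair are hypothetical, and the files are assumed to be unencrypted PEM.

```shell
#!/bin/sh
# Added example (not from the original article).
# Assumption: all inputs are PEM files and private keys are not
# passphrase-protected (an encrypted key would make openssl prompt).

# Print the SHA-256 digest of the public key contained in a file.
# $1 = kind (crt | key | csr), $2 = path
pubkey_digest() {
    case "$1" in
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    # An unreadable file must never hash as "empty input" and
    # accidentally match another unreadable file.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit 0 only when every given file carries the same public key.
# Exit 1 on a mismatch, exit 2 when a file cannot be parsed.
# Usage: same_keypair crt:server.crt key:server.key [csr:server.csr]
same_keypair() {
    ref=
    for arg in "$@"; do
        d=$(pubkey_digest "${arg%%:*}" "${arg#*:}") || {
            echo "unreadable: $arg" >&2
            return 2
        }
        : "${ref:=$d}"            # first file sets the reference digest
        [ "$d" = "$ref" ] || {
            echo "MISMATCH: $arg" >&2
            return 1
        }
    done
    [ -n "$ref" ]                 # fail when called without arguments
}
```

Call it as `same_keypair crt:FILENAME.crt key:FILENAME.key csr:FILENAME.csr` before installing a certificate; a non-zero exit status means the files do not belong together.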
 

Check an SSL connection. All certificates will be displayed:
 
openssl s_client -connect www.example.com:443
 

Check SSLv2 (for SSLv3 use -ssl3, for TLSv1 use -tls1):
 
openssl s_client -ssl2 -connect www.example.com:443
 
 

Certificate conversion
 
Convert a DER file (.crt .cer .der) to PEM:
 
openssl x509 -inform der -in FILENAME.cer -out FILENAME.pem
 

Convert a PEM file to DER
 
openssl x509 -outform der -in FILENAME.pem -out FILENAME.der
 

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
 
openssl pkcs12 -in FILENAME.pfx -out FILENAME.pem -nodes
 
Using -nocerts outputs only the private key.
Using -nokeys outputs only the certificate.
 

Convert a PEM certificate and a private key to PKCS#12 (.pfx .p12)
 
openssl pkcs12 -export -out FILENAME.pfx -inkey FILENAME.key -in CERT.crt -certfile CA.crt


Convert from PFX (Microsoft IIS certificate) to CRT and KEY (Apache certificate):

openssl pkcs12 -in FILENAME.pfx -clcerts -nokeys -out FILENAME.crt
openssl pkcs12 -in FILENAME.pfx -nocerts -nodes -out FILENAME.key