Find Log In

^{Home Applications}

OpenSSL

Usage

Remove passphrase from PEM-encoded RSA private key:

openssl rsa -in key.pem -out plain.pem

Convert PEM-encoded SSLeay private key to DER-encoded PKCS#8 format:

openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in private.pem -out private.key

Generate a certificate signing request (CSR) for an existing private key:

openssl req -out req.csr -key private.key -new

View remote SSL certificate:

openssl s_client -connect www.example.org:443 < /dev/null

or, alternatively:

gnutls-cli --print-cert www.example.org < /dev/null

Save remote SSL certificate:

openssl s_client -showcerts -connect example.org:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > out.crt

Extract the private key and the certificate from the pfx file:

openssl pkcs12 -in domain.pfx -nocerts -out domain.key
openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.crt

Note, that the password for the private key is obligatory this time, but may be removed later on (see the first example).

Errors

C022D888F57F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Use -legacy command line option to enable obsolete ciphers (including RC2).