In this article, I will take you through 25+ popular examples of openssl commands in Linux. openssl is an open source command-line tool in Linux, primarily used to generate SSL certificates with the help of a private key and a certificate signing request (CSR) file. The tool uses the OpenSSL library to carry out its tasks. On most Linux systems it is installed by default.
SSL – Secure Socket Layer
CSR – Certificate Signing Request
TLS – Transport Layer Security
PEM – Privacy Enhanced Mail
DER – Distinguished Encoding Rules
SHA – Secure Hash Algorithm
PKCS – Public-Key Cryptography Standards
Why do we need SSL Certificate
An SSL certificate is used to secure traffic between client and server. It encrypts all communication between the two, which makes it difficult for anyone to steal or read the data in transit. Hence it is common practice to install an SSL certificate before publishing any content on the Internet through a web server. Port 443, also known as the HTTPS port, is usually used for the secure channel.
Openssl Commands Examples
1. Check Openssl version
To check the installed openssl version, run the openssl version command as shown below.
[root@localhost ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
2. Check another URL Certificate
To check the certificate of another URL, run the openssl command below. Here we connect to Google on port 443 and check its SSL certificate.
[root@localhost ~]# openssl s_client -connect google.com:443
CONNECTED(00000003)
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.google.com
   i:/C=US/O=Google Trust Services/CN=GTS CA 1O1
 1 s:/C=US/O=Google Trust Services/CN=GTS CA 1O1
   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIKEDCCCPigAwIBAgIQcqkpZmmyCtYIAAAAADIKCjANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMw
EQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIwMDMwMzA5MzczMloXDTIwMDUyNjA5Mzcz
MlowZjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
DU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFTATBgNVBAMMDCou
Z29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL86+gnf
3. Debug another URL Certificate
To debug the certificate of another URL, use the -tlsextdebug option with the openssl command. Here we are debugging the Google SSL certificate.
[root@localhost ~]# openssl s_client -connect google.com:443 -tlsextdebug
CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
0001 - <SPACES/NULS>
TLS server extension "EC point formats" (id=11), len=2
0000 - 01 .
0002 - <SPACES/NULS>
TLS server extension "session ticket" (id=35), len=0
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.google.com
   i:/C=US/O=Google Trust Services/CN=GTS CA 1O1
 1 s:/C=US/O=Google Trust Services/CN=GTS CA 1O1
   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIKEDCCCPigAwIBAgIQcqkpZmmyCtYIAAAAADIKCjANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMw
EQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIwMDMwMzA5MzczMloXDTIwMDUyNjA5Mzcz
MlowZjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
DU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFTATBgNVBAMMDCou
Z29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL86+gnf
cOl+fosg2PhYtY0nCRji7IzDlLtxP+gPAxaBX4njwMD0YN306ufpKNJDhQDt8f2R
4EqflaMWqg2UZDmPUZF4DKURTHfdc9hf+AKkQy8gK048wSbcv9IGli+gkvzBYosq
4. Test SSL Certificate of another URL
If you want to test whether a server accepts a particular cipher, pass that cipher with the -cipher option as shown below. Here Google is tested with RC4-SHA, and the handshake fails.
[root@localhost ~]# openssl s_client -connect google.com:443 -cipher RC4-SHA
CONNECTED(00000003)
139965827106704:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 99 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1586014875
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---
5. Check MD5 Hash
To get the MD5 hash of a certificate's modulus, use the openssl command below.
[root@localhost ~]# openssl x509 -noout -modulus -in ca.crt | openssl md5
(stdin)= 97411c77be0abd568fb1611d2bee57af
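The modulus hash from step 5 is mainly useful for confirming that a certificate and a private key belong together. The following is an added example, not part of the original article; it uses SHA-256 in place of MD5, and the file names, the example.test subject and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: confirm that a certificate and an RSA private key share a modulus.

# Print the SHA-256 digest of the modulus held in a certificate or RSA key.
#   $1 = openssl subcommand ("x509" for a certificate, "rsa" for a key)
#   $2 = path to the PEM file
modulus_digest() {
    modulus=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    # An empty modulus would hash to the same value for both files, so reject it.
    [ -n "$modulus" ] || return 1
    printf '%s\n' "$modulus" | openssl sha256 | awk '{print $NF}'
}

# Exit status: 0 = same modulus, 1 = different modulus, 2 = a file could not be read.
cert_matches_key() {
    cert_digest=$(modulus_digest x509 "$1") || return 2
    key_digest=$(modulus_digest rsa "$2") || return 2
    [ "$cert_digest" = "$key_digest" ]
}

# Constructed sample data: a throwaway self-signed certificate with its key (a.*)
# and a second, unrelated key (b.key).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$demo_dir/a.key" -out "$demo_dir/a.crt" 2>/dev/null
openssl genrsa -out "$demo_dir/b.key" 2048 2>/dev/null

for key in a.key b.key; do
    if cert_matches_key "$demo_dir/a.crt" "$demo_dir/$key"; then
        echo "a.crt and $key: modulus matches"
    else
        echo "a.crt and $key: modulus differs"
    fi
done
```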
6. Check SSL Certificate
To check an SSL certificate by printing its contents in text form, use the openssl command below.
[root@localhost ~]# openssl x509 -in ca.crt -text -noout
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            93:73:2e:b2:bd:52:87:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=California, L=Arvin, O=Default Company Ltd, OU=PM , CN=cyberithub.local/emailAddress=test@cyberithub.local
        Validity
            Not Before: Apr 4 13:20:11 2020 GMT
            Not After : Apr 4 13:20:11 2021 GMT
        Subject: C=US, ST=California, L=Arvin, O=Default Company Ltd, OU=PM , CN=cyberithub.local/emailAddress=test@cyberithub.local
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ac:4d:d8:e5:da:bf:1f:53:ee:6d:17:e4:9e:6d:
                    12:cc:9f:98:73:3c:58:6c:bc:33:44:7c:1e:ae:bf:
                    a4:f3:55:52:1a:ba:d5:fc:0f:d2:82:4e:f2:fa:2e:
                    42:a5:8d:c9:43:5e:64:58:aa:63:ca:eb:1e:a6:71:
                    54:62:a6:66:93:78:3d:26:25:78:d8:1f:87:71:ff:
                    c0:c7:43:81:8e:6f:09:27:c7:f9:e5:72:97:0d:b2:
                    7d:e6:05:4a:b0:15:1b:4e:bd:c8:5c:c0:29:4a:54:
                    61:3a:8b:ce:8e:db:25:80:76:b4:2f:c0:e3:dc:d4:
                    39:95:fd:42:2c:ae:a0:97:6a:a9:eb:9c:bc:f2:b6:
                    7a:59:91:a1:ed:8f:5d:a1:61:f2:b5:6c:e6:e8:61:
                    1c:ed:95:71:84:1d:83:51:6d:f0:a0:e6:f1:34:5d:
                    74:47:df:79:02:00:ca:66:a9:dd:60:56:1b:db:59:
                    71:be:3a:21:13:47:d1:38:b2:25:09:0f:c5:33:9b:
                    a7:e3:96:0e:6e:5e:3a:a5:6b:4e:d8:a2:76:63:2f:
                    70:3d:f7:d8:cb:a3:0f:f4:33:16:e3:04:ef:20:57:
                    ee:a5:78:75:51:02:5c:39:33:c5:8d:3d:39:70:69:
                    6d:6a:06:54:8d:0d:5b:66:5c:b5:46:f5:01:f5:49:
                    a8:37
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         a3:54:62:d9:9f:61:fe:c2:0d:66:6f:df:0c:bd:85:10:0b:77:
         55:8d:cd:53:d6:87:5b:8d:a0:0f:52:c5:27:c3:ba:ae:b9:e6:
         6c:82:f2:9f:45:da:b9:a4:51:e1:d3:8b:9e:f8:f6:49:ff:4e:
         a8:60:9b:9c:bb:9d:39:cd:05:c7:34:fa:1a:76:52:6f:0d:bd:
         ce:6f:4e:f5:fe:cb:49:91:2c:d2:48:98:ef:3d:7d:c8:17:a1:
         66:34:56:ec:0b:d9:af:29:c5:99:aa:2c:b7:85:6e:bb:08:fb:
         6d:6a:c4:d7:fa:34:d5:98:6f:2f:d0:46:1c:51:bb:74:f6:6b:
         a1:26:26:52:43:ca:4e:b5:fa:1c:15:87:a2:21:d2:6b:c0:f3:
         3c:10:e7:bb:d8:48:46:d5:6a:f3:0c:b9:f2:15:89:1e:a1:71:
         ae:72:72:73:9f:59:64:98:7f:f6:64:90:bf:7d:0a:6e:03:5d:
         f3:1a:77:ec:f2:b4:79:95:86:85:5b:f0:9b:11:a8:fc:58:ae:
         f7:49:63:f6:24:46:86:0d:c2:66:45:43:c4:3e:8f:55:c6:87:
         44:cb:31:f3:1b:2e:b4:85:82:e0:e0:6d:9b:ee:00:0d:5d:01:
         f0:52:54:17:cf:79:aa:a2:9c:57:91:f5:8a:64:64:77:ca:a4:
         aa:95:75:d8
7. Check a Private Key
You can check (-check) a private key (-in ca.key) using the command below.
[root@localhost ~]# openssl rsa -in ca.key -check
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEArE3Y5dq/H1PubRfknm0SzJ+YczxYbLwzRHwerr+k81VSGrrV
/A/Sgk7y+i5CpY3JQ15kWKpjyusepnFUYqZmk3g9JiV42B+Hcf/Ax0OBjm8JJ8f5
5XKXDbJ95gVKsBUbTr3IXMApSlRhOovOjtslgHa0L8Dj3NQ5lf1CLK6gl2qp65y8
8rZ6WZGh7Y9doWHytWzm6GEc7ZVxhB2DUW3woObxNF10R995AgDKZqndYFYb21lx
vjohE0fROLIlCQ/FM5un45YObl46pWtO2KJ2Yy9wPffYy6MP9DMW4wTvIFfupXh1
UQJcOTPFjT05cGltagZUjQ1bZly1RvUB9UmoNwIDAQABAoIBAH3qgegvvF3Tgzi8
LjlMcmGQ++KypdgIjNqubem8aXndzxtzkC8dDPRnZ49GwTOk8wDFeUWGd1jyC7sM
tONGwU1hoCZBWhduqxe3FBVKkuIY6LLmpAt2e0bqOrEfCt60/fjEHikR0Nrd4RPc
2X1yTuybUsBXEO3vNYoTwwlOMFOVzxkWvzeHI6NTqEsMU1tJ0DbKIlzaopxPUh9C
BnC++x+1IHy44Jk8dj/qXEJIbVZhmcmsqsBw8KnnKj0VbFYgR28lIcG8I3+jhQnb
04RxhKSwiqPoES45c+46wst9X3HKomAP26QECdGcLqF8dpI2S2nWYl8auAJdTanD
fIg3VuECgYEA2ivF+RljouL1XPqat+pQ19cG+Bi0UUfEz9XG22LLZSc9UNbycMk9
lrGqgLv8PIuj6etIST7UknpCXrHUMegT2fntAG8AtsJoc0W3NN3a2onz6hq/wHVl
QOG16CDtapObwSFump/YCcTOhNv+YBy5H1/R5sHO8IVHj2inGm0S4kcCgYEAyi4f
eC959m/BmOR0vnnyxfjnRWIIgxuOHOxejBRM99SYOgJx/ioy0AEbRRqRELU6mtux
oClBG3IlbV9nor/YzuokVI6Axy4d5Yj5k7dZZmUcgPSkZmh0ZMtZyUm4p+81zX1w
8x17sDex4uEyfYud4xoj24TBaxI7Ahee4MWdkpECgYEAiqbbEG40Riaa7NZPUabW
bfW39iAtKKLFz5f64x4sSULg0uln9onOXGDZDStrKEdOirD+pZ4KlnSgjXHSe00U
oKkXF/lzqLJwkyGxRyXfmpelrhgF2RhCmzNW2gljGSJqEBlhI1+Get7aqNDvHsHi
XLAWw+JT08PAMMG/wSmkoK0CgYBj8ODFfFKBq0S721KKRaXojt1jws4KYTiiu4UR
IYfailClfEf1J87uW12rjzJeW/eYTTlEvp/cfVRa+Go2XTdDMSK8WaT20KkeqdMV
XfDnWNv6MvSBWukOWicMBVEuUmT6KyQGSXC27xET4dYfkUB+3pETFlC2KNDae+qh
mY4GwQKBgDX1+62eACyvHoL8bsS1LQgFxhY/mcLnVYITmUyltC8ZmzjtFpO3VHRB
ZkJ4RVdb1/6VBdgRFVzGefw65AnvfF6BLpZxHmvrUm336jJOnWp1ICdAb1zBCKij
I3Jnk540fkAnHKUHHA0GYSB2YBk8c83l1OKW+lIeKIm+sTMDZARl
-----END RSA PRIVATE KEY-----
8. Convert CRT to DER Format
To convert CRT (-in ca.crt) to DER (-out cert.der) format, use the command below.
[root@localhost ~]# openssl x509 -in ca.crt -outform der -out cert.der
9. Generate certificate signing request based on current certificate
The command below generates a certificate signing request (-out example.csr) based on the current certificate (-in ca.crt) and private key (-signkey ca.key).
[root@localhost ~]# openssl x509 -x509toreq -in ca.crt -out example.csr -signkey ca.key
Getting request Private Key
Generating certificate request
10. Verify Certificate Signing Request
The command below verifies the certificate signing request (-in CSR.csr).
[root@localhost ~]# openssl req -text -noout -verify -in CSR.csr
verify OK
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, ST=California, L=Arvin, O=Default Company Ltd, OU=PM , CN=cyberithub.local/emailAddress=test@cyberithub.local
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ac:4d:d8:e5:da:bf:1f:53:ee:6d:17:e4:9e:6d:
                    12:cc:9f:98:73:3c:58:6c:bc:33:44:7c:1e:ae:bf:
                    a4:f3:55:52:1a:ba:d5:fc:0f:d2:82:4e:f2:fa:2e:
                    42:a5:8d:c9:43:5e:64:58:aa:63:ca:eb:1e:a6:71:
                    54:62:a6:66:93:78:3d:26:25:78:d8:1f:87:71:ff:
                    c0:c7:43:81:8e:6f:09:27:c7:f9:e5:72:97:0d:b2:
                    7d:e6:05:4a:b0:15:1b:4e:bd:c8:5c:c0:29:4a:54:
                    61:3a:8b:ce:8e:db:25:80:76:b4:2f:c0:e3:dc:d4:
                    39:95:fd:42:2c:ae:a0:97:6a:a9:eb:9c:bc:f2:b6:
                    7a:59:91:a1:ed:8f:5d:a1:61:f2:b5:6c:e6:e8:61:
                    1c:ed:95:71:84:1d:83:51:6d:f0:a0:e6:f1:34:5d:
                    74:47:df:79:02:00:ca:66:a9:dd:60:56:1b:db:59:
                    71:be:3a:21:13:47:d1:38:b2:25:09:0f:c5:33:9b:
                    a7:e3:96:0e:6e:5e:3a:a5:6b:4e:d8:a2:76:63:2f:
                    70:3d:f7:d8:cb:a3:0f:f4:33:16:e3:04:ef:20:57:
                    ee:a5:78:75:51:02:5c:39:33:c5:8d:3d:39:70:69:
                    6d:6a:06:54:8d:0d:5b:66:5c:b5:46:f5:01:f5:49:
                    a8:37
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         36:82:bd:eb:11:4d:ad:1e:44:62:b4:48:27:41:a3:2b:3a:b4:
         64:6e:67:5b:f6:1a:8e:65:49:1a:b7:f2:5e:aa:7e:bc:8c:bc:
         cb:ec:7b:b0:3d:5b:e1:29:84:8f:35:78:b1:6c:19:1e:9a:17:
         ac:de:f8:b1:a7:66:61:6b:cc:a0:98:6c:21:10:6d:9f:e7:79:
         19:5d:a9:bf:bb:ed:1e:cd:63:c7:4b:6d:de:6e:22:eb:e2:3f:
         6c:de:13:b5:fb:18:30:c0:fc:9b:f5:5f:a8:b0:e3:01:f1:7a:
         4c:7f:39:a2:7d:d0:86:98:bc:91:49:10:41:8b:5a:80:6f:b1:
         cf:6e:6b:2b:2f:c6:c3:67:b5:b9:51:db:66:72:db:e3:b8:b1:
         d6:0b:32:9f:ae:0f:4a:a9:7a:3d:4d:47:e2:26:0f:f3:e7:30:
         bf:5d:c6:47:3f:33:67:03:b8:e7:fb:5b:01:56:99:4c:ad:7e:
         95:89:08:48:b0:9c:71:62:19:2a:f3:cd:e3:38:c3:a6:09:c2:
         7f:22:15:91:d9:af:6b:4c:fe:a2:bf:54:5c:05:6d:a5:ed:ef:
         8e:c4:cc:10:07:ee:c1:56:7d:0b:ad:3f:a7:92:d3:00:c0:21:
         30:38:68:99:76:de:3a:fb:5b:8d:64:2a:df:a8:45:57:07:95:
         34:f7:cf:2c
11. Convert CRT to PEM Format
If you get an SSL certificate in CRT format (-in), you can convert it to PEM format (-out) using the command below.
[root@localhost ~]# openssl x509 -in ca.crt -out ca.pem
12. Convert CRT to CER file
If you have an SSL certificate in CRT format (-in), you can convert it to CER format (-out) using the command below.
[root@localhost ~]# openssl x509 -in ca.crt -out ca.cer
13. Convert CER to PEM file
If you have an SSL certificate in CER format (-in), you can convert it to PEM format (-out) using the command below.
[root@localhost ~]# openssl x509 -in ca.cer -out certificate.pem
14. Convert PEM to DER file
If you have an SSL certificate in PEM format (-in), you can convert it to DER format (-out) using the command below.
[root@localhost ~]# openssl x509 -outform der -in certificate.pem -out certificate.der
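Steps 8 and 11 to 14 change either the encoding (PEM or DER) or only the file name; the extension alone does not determine which encoding a file holds. The following added example (not from the original article; the files under the temporary directory, the example.test subject and the helper names are assumptions) identifies the encoding from the file content and confirms that the certificate keeps the same SHA-256 fingerprint across the conversions.

```shell
#!/bin/sh
# Added example: tell PEM from DER by content and check that conversion keeps the certificate.

# Print PEM, DER or UNKNOWN for a certificate file, whatever its extension.
cert_encoding() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo PEM
    elif openssl x509 -inform der -in "$1" -noout 2>/dev/null; then
        echo DER
    else
        echo UNKNOWN
        return 1
    fi
}

# Print the SHA-256 fingerprint of a certificate in either encoding.
cert_fingerprint() {
    encoding=$(cert_encoding "$1") || return 1
    openssl x509 -inform "$encoding" -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Constructed sample data: a throwaway self-signed certificate named ca.crt.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$work/ca.key" -out "$work/ca.crt" 2>/dev/null

# The conversions from the steps above.
openssl x509 -in "$work/ca.crt" -out "$work/ca.pem"                  # step 11: stays PEM
openssl x509 -in "$work/ca.crt" -outform der -out "$work/cert.der"   # step 8: PEM to DER
openssl x509 -inform der -in "$work/cert.der" -out "$work/back.pem"  # DER back to PEM

for f in ca.crt ca.pem cert.der back.pem; do
    echo "$f: $(cert_encoding "$work/$f") $(cert_fingerprint "$work/$f")"
done
```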
15. Encode String using base64
Sometimes you need to convert text to base64 encoding. You can do that using the openssl command below.
[root@localhost ~]# openssl base64 -e <<< 'Welcome to CyberITHub'
V2VsY29tZSB0byBDeWJlcklUSHViCg==
16. Decode String using base64
You can also decode base64-encoded strings using the openssl command below.
[root@localhost ~]# openssl base64 -d <<< 'V2VsY29tZSB0byBDeWJlcklUSHViCg=='
Welcome to CyberITHub
17. Check all Available Ciphers
You can check all the currently available ciphers using the openssl ciphers -v command as shown below.
[root@localhost ~]# openssl ciphers -v
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
DH-RSA-AES256-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA256
DH-DSS-AES256-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA256
18. To hash a file using MD5 Algorithm
If you want the MD5 hash of a file, use the openssl command below.
[root@localhost ~]# openssl md5 file.txt
MD5(file.txt)= b04941215bcb3bad30ad3061790e7721
19. To hash a file using SHA1 Algorithm
If you want the SHA1 hash of a file, use the openssl command below.
[root@localhost ~]# openssl sha1 file.txt
SHA1(file.txt)= a2d686c168445fcbcdb5c2c172c603a116bb484d
20. To hash a file using SHA384 Algorithm
If you want the SHA384 hash of a file, use the openssl command below.
[root@localhost ~]# openssl sha384 file.txt
SHA384(file.txt)= b6248266a7fec68839b276a1568b1339ccb432f86aad97b897419735cc67d576ef27907a6c03a4fab8953c83d4cf43c6
21. Create a Private Key with Passphrase
The command below generates a 2048-bit private key protected with a passphrase.
[root@localhost ~]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
..................+++
.............................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
22. Create a Private Key without Passphrase
The command below generates a 2048-bit private key without a passphrase.
[root@localhost ~]# openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.+++
...+++
e is 65537 (0x10001)
23. Remove Passphrase from Private Key
If you want to write a decrypted copy of the private key (-out newserver.key) from a passphrase-protected input key (-in server.key), use the openssl command below.
[root@localhost ~]# openssl rsa -in server.key -out newserver.key
Enter pass phrase for server.key:
writing RSA key
Check the decrypted key.
[root@localhost ~]# ls -lrt newserver.key
-rw-r--r--. 1 root root 1675 Apr 26 01:34 newserver.key
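Steps 21 to 23 as one non-interactive sequence, written as an added example rather than code from the original article. It reads the passphrase from a file with the file: source, uses -aes256 in place of -des3, and sets umask 077 so the decrypted key is not created world-readable as in the listing above; the file names, the passphrases and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: create an encrypted RSA key, then decrypt it to an owner-only file.

# Return 0 if a PEM private key is passphrase-protected.
# Covers the traditional (Proc-Type) and the PKCS#8 (ENCRYPTED PRIVATE KEY) headers.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Return 0 if the key in $1 can be loaded with the passphrase stored in file $2.
key_unlocks_with() {
    openssl rsa -in "$1" -passin "file:$2" -noout 2>/dev/null
}

# Print the permission string of a file, e.g. -rw-------
file_mode() {
    ls -l "$1" | cut -c1-10
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
umask 077   # every file created below is readable by its owner only

# Constructed passphrases for the demonstration.
printf '%s\n' 'constructed-demo-passphrase' > "$work/pass.txt"
printf '%s\n' 'some-other-passphrase' > "$work/wrong.txt"

# Step 21 without a prompt: the passphrase comes from a file, not the command line.
openssl genrsa -aes256 -passout "file:$work/pass.txt" -out "$work/server.key" 2048 2>/dev/null

# Step 23: write a decrypted copy of the key.
openssl rsa -in "$work/server.key" -passin "file:$work/pass.txt" \
    -out "$work/newserver.key" 2>/dev/null

key_is_encrypted "$work/server.key"    && echo "server.key: encrypted"
key_is_encrypted "$work/newserver.key" || echo "newserver.key: not encrypted"
echo "newserver.key mode: $(file_mode "$work/newserver.key")"
```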
24. Create a Self Signed Certificate
The openssl command below generates a self-signed certificate (-out server.crt) valid for 365 days from a certificate signing request (-in server.csr) and a private key (-signkey server.key).
[root@localhost ~]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=US/ST=California/L=San Diego/O=Example Ltd/OU=IT/CN=server.localhost/emailAddress=abc@server.com
Getting Private key
Enter pass phrase for server.key:
Check the generated certificate.
[root@localhost ~]# ls -lrt server.crt
-rw-r--r--. 1 root root 1322 Apr 26 01:38 server.crt
25. Convert PEM to PKCS#12 Format
The command below converts a PEM private key (-inkey server.key) and its certificate (-in server.crt) to PKCS#12 format (-out server.pfx).
[root@localhost ~]# openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile serverCA.crt
Enter pass phrase for server.key:
Enter Export Password:
Verifying - Enter Export Password:
Check the generated output file.
[root@localhost ~]# ls -lrt server.pfx
-rw-r--r--. 1 root root 3517 Apr 26 01:45 server.pfx