OpenSSL is an open-source implementation of the SSL protocol. It is widely used and it has different functions which allow you to check CSR, Certificate, and expiry. Let’s see some Basic Openssl Commands, which will be used in your daily life.
Here are some basic open commands which will be useful when you are dealing with certificates or anything related to that.
- Decoding the certificate
This will decode the certificate and display some information about the certificate, like expiry date, issuer, etc.
$ openssl x509 -in certificate.crt -text -noout
2. Checking the expiry date
If don’t want to completely decode the certificate and just check the expiry date, you can use this handy command
$ cat certificate.crt | openssl x509 -noout -enddate
3. How to see if a Certificate and a Private Key match
Compare the output from both commands. If they are identical then the private key matches the certificate.
$ openssl pkey -in privateKey.key -pubout -outform pem | sha256sum $ openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum
4. Verifying SSL
This will verify the CSR certificate which you have created.
$ openssl req -noout -text -in justgeek.csr
5. Verify Private Key
There are some online tools to verify keys, but it’s not a great idea to verify keys using those tools. OpenSSL command would be the best way.
$ openssl rsa -in justgeek.key –check
6. Verifying Certificate file
This command will verify the certificate file.
$ openssl x509 -in certfile.pem -text –noout
7. Checking SSL Connections
This will output the website’s certificate, including any intermediate certificates
$ openssl s_client -connect https://www.server.com:443
Above are the most basic Openssl Commands. Do let me know if you want us to add more here on this page, so you can bookmark this page and keep it handy 🙂
SSL is part of the security, here you can refer to more security-related posts. Also, you can read more about SSL here