ssl

Section: (pj)
Updated: 2021-10-19
Index Return to Main Contents

See details about a certificate:

openssl x509 -in server.crt -text

openssl s_client -connect example.com:443 -showcerts

# To use SNI: openssl s_client -connect example.com:443 -servername example.com -showcerts

openssl s_client -connect example.com:443 | openssl x509 -text

Download a remote certificate:

echo -n | openssl s_client -connect example.com:443 | sed -ne `/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > example.com.crt

Test that a key matches a certificate:

(openssl x509 -noout -modulus -in foo.crt ; openssl rsa -noout -modulus -in foo.key) | uniq

Create a self-signed certificate:

Generate a Private Key: openssl genrsa -des3 -out server.pass.key 2048

Remove passphrase from key: openssl rsa -in server.pass.key -out server.key

Generate a CSR: openssl req -new -key server.key -out server.csr

Generate self-signed cert: openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

Or in one line:


openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

Upload a cert to AWS:

aws iam upload-server-certificate

-server-certificate-name STAR.example.com

-certificate-body file://STAR.example.com.crt -private-key file://STAR.example.com.key

-certificate-chain file://chain.crt

-path /  

AUTHORS

Paul A. Jungwirth.


 

Index

AUTHORS

This document was created by man2html, using the manual pages.
Time: 15:49:28 GMT, March 26, 2024