Section: (pj)
Updated: 2021-10-19
Index Return to Main Contents

See details about a certificate:

openssl x509 -in server.crt -text

openssl s_client -connect -showcerts

# To use SNI: openssl s_client -connect -servername -showcerts

openssl s_client -connect | openssl x509 -text

Download a remote certificate:

echo -n | openssl s_client -connect | sed -ne `/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >

Test that a key matches a certificate:

(openssl x509 -noout -modulus -in foo.crt ; openssl rsa -noout -modulus -in foo.key) | uniq

Create a self-signed certificate:

Generate a Private Key: openssl genrsa -des3 -out server.pass.key 2048

Remove passphrase from key: openssl rsa -in server.pass.key -out server.key

Generate a CSR: openssl req -new -key server.key -out server.csr

Generate self-signed cert: openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

Or in one line:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

Upload a cert to AWS:

aws iam upload-server-certificate


-certificate-body file:// -private-key file://

-certificate-chain file://chain.crt

-path /  


Paul A. Jungwirth.




This document was created by man2html, using the manual pages.
Time: 16:45:10 GMT, April 11, 2022