
An Easy Guide to OpenSSL Commands


In this post, we review some of the basic OpenSSL commands you can use to add requisite security measures to your server.


We have put together a list of OpenSSL commands to help SSL certificate users who want to manage their certificates, or get them issued, through the open source cryptography library, OpenSSL.

OpenSSL allows users to get and/or issue a certificate and install it on their server.

Let's get into it!

To create a new certificate signing request and a new 2048-bit RSA private key (left unencrypted because of -nodes), run the following:

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

If you already have a private key, you can use the OpenSSL command below to generate a fresh certificate signing request for the existing private key.

openssl req -out CSR.csr -key privateKey.key -new

Do you have a certificate and want to generate a new copy of the certificate signing request or CSR? You can do so by using the below OpenSSL command.

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

If you want to verify the information in an existing certificate signing request, use the following command.

openssl req -text -noout -verify -in CSR.csr

To check that a private key is consistent, run the following OpenSSL command.

openssl rsa -in privateKey.key -check

Display the certificate's information, so that you can validate it, with this command.

openssl x509 -in certificate.crt -text -noout

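Compare the certificate, the private key, and the certificate signing request. If they belong together, all three commands print the same MD5 hash of the RSA modulus.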

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5
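
The modulus comparison above applies to RSA keys only. The following added example (not part of the original article) performs the same match check by comparing the full public key carried by each file, which also covers non-RSA keys, and prints a SHA-256 fingerprint on success. The function names, the otherKey.key file and the example.test subject are assumptions made for the illustration, and the key is assumed to be unencrypted, as produced by -nodes.

```shell
#!/bin/sh
# Added example: check that a private key, a CSR and a certificate carry the
# same public key. Function names are hypothetical, not from the article.

# pubkey_pem KIND FILE: print the PEM public key found in FILE.
pubkey_pem() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
        csr)  openssl req  -in "$2" -noout -pubkey 2>/dev/null ;;
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        *)    echo "unknown kind: $1" >&2; return 2 ;;
    esac
}

# check_match KEY CSR CERT
# Returns 0 and prints the SHA-256 of the shared public key when all three
# match, 1 on a mismatch, 2 when a file cannot be parsed.
check_match() {
    k=$(pubkey_pem key  "$1") || return 2
    r=$(pubkey_pem csr  "$2") || return 2
    c=$(pubkey_pem cert "$3") || return 2
    # An empty result must never count as a match.
    [ -n "$k" ] && [ -n "$r" ] && [ -n "$c" ] || return 2
    [ "$k" = "$r" ] && [ "$k" = "$c" ] || return 1
    printf '%s\n' "$k" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# make_samples DIR: build constructed sample files for trying the check:
# a key and CSR (the article's command plus a made-up subject), a throwaway
# self-signed certificate, and an unrelated second key.
make_samples() {
    openssl req -out "$1/CSR.csr" -new -newkey rsa:2048 -nodes \
        -keyout "$1/privateKey.key" -subj "/CN=example.test" 2>/dev/null &&
    openssl x509 -req -in "$1/CSR.csr" -signkey "$1/privateKey.key" \
        -days 1 -out "$1/certificate.crt" 2>/dev/null &&
    openssl genrsa -out "$1/otherKey.key" 2048 2>/dev/null
}

# Usage: sh check_match.sh privateKey.key CSR.csr certificate.crt
if [ "$#" -eq 3 ]; then
    check_match "$@"
fi
```

A return status of 1 means the files parse but do not belong together, which is the case to catch before installing a certificate next to the wrong key.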

There are also a few OpenSSL commands for converting your certificate into a different format, as required by your web server or software.

Turn a DER format to PEM:

openssl x509 -inform der -in certificate.cer -out certificate.pem

Turn a PEM format to DER:

openssl x509 -outform der -in certificate.pem -out certificate.der

We hope that the OpenSSL commands above will assist you in managing certificate issuance and installation on your own web server.


Published at DZone with permission of

Opinions expressed by DZone contributors are their own.
