docs:tips_n_tricks:openssl.html
This is an old revision of the document!
Table of Contents
OpenSSL
Generate RSA key and certificate request
openssl genpkey \ -algorithm RSA \ -pkeyopt rsa_keygen_bits:2048 \ -out www.usr-local.org.key \ && openssl req \ -new \ -key www.usr-local.org.key \ -outform PEM \ -keyout www.usr-local.org.key \ -subj "/C=DE/ST=Berlin/O=IN Berlin/OU=\/usr\/local/CN=www.usr-local.org" \ -out www.usr-local.org.csr
Convert CA certifiates
openssl x509 -inform DER -outform PEM -in /tmp/IN-Berlin-G3-root-certificate.htm -out /tmp/IN-Berlin-G3-root-certificate.pem
Extract certificat from combinded PEM file
( fgrep -m 1 CERTIFICATE ; cat ) < my.pem > my-crt.pem
Remove passphrase from RSA key
This will create a key file my-key-no-pass.pem
without passphrase from a RSA key file my-key.pem
in PEM format:
openssl rsa -in my-key.pem -out my-key-no-pass.pem
In case your file is a combined key/certificate file my.pem
, the command above will still only generate a key file. To add the certificate to the new file my-no-pass.pem
, you need one more line of shell code:
openssl rsa -in my.pem -out my-no-pass.pem (echo ; fgrep -m 1 CERTIFICATE ; cat ) < my.pem >> my-no-pass.pem
Import CA certificates
This works on a Debian Etch sytem
cp /tmp/IN-Berlin-G3-root-certificate.pem /etc/ssl/certs/ c_rehash
View Certificate
PEM format
openssl x509 -text -noout -in cert.pem
DER format
openssl x509 -text -noout -inform der -in cert.crt
References
man fetchmail
man openssl
man genpkey
man req
docs/tips_n_tricks/openssl.html.1388588119.txt.gz · Last modified: 01.01.2014 15:55 CET by peter