

# Verify that the certificate served by a remote server covers the given host name. openssl verify -CAfile root.crt -untrusted intermediate-ca-chain.pem child.crt # Verify certificate, when you have intermediate certificate chain # and root certificate, that is not configured as a trusted one. openssl verify -untrusted intermediate-ca-chain.pem example.crt # Root certificate is not a part of bundle, and should be configured as # trusted on your machine. # Verify certificate, when you have intermediate certificate chain. # Verify certificate, provided that you have root and any intermediate # certificates configured as trusted on your machine:

openssl req -noout -modulus -in example.csr | openssl sha256 openssl x509 -noout -modulus -in example.crt | openssl sha256 openssl rsa -noout -modulus -in example.key | openssl sha256 openssl req -in example.csr -verify # Verify that private key matches a certificate and CSR (the three digests must be identical; the modulus comparison applies to RSA keys): It’s better to avoid weak functions like md5 and sha1, and stick to sha256. In the commands below, replace the hash-function placeholder with the name of a supported hash function: md5, sha1, sha224, sha256, sha384 or sha512, etc. openssl ecparam -list_curves # Generate DH params with a given length: Create certificate signing requests (CSR) openssl ec -in example.ec.key -text -noout # List available EC curves that the OpenSSL library supports: # Print ECDSA key textual representation: openssl ecparam -genkey -name <curve> | openssl ec -out example.ec.key <curve> is to be replaced with: # prime256v1, secp384r1, secp521r1, or any other supported elliptic curve: openssl rsa -des3 -in example.key -out example_with_pass.key # Encrypt existing private key with a pass phrase (-des3 selects Triple DES; -aes256 is the stronger choice): openssl rsa -in example.key -out example.key If the key has a pass phrase, you’ll be prompted for it; with no cipher option the output key is written unencrypted: openssl rsa -in example.key -text -noout # Generate new RSA key and encrypt with a pass phrase based on AES CBC 256 encryption: openssl rsa -in example.key -noout -modulus # Print textual representation of RSA key:
