<설치>
#sudo apt-get install libssl-dev openssl
General OpenSSL commands
The following commands allow you to generate CSRs, Certificates, Private Keys and other tasks.
Generate a new private key and matching certificate signing request (Unix)
openssl req -out CSR.csr -pubkey -new -keyout privateKey.key
Generate a new private key and matching certificate signing request (Windows)
openssl req -out CSR.csr -pubkey -new -keyout privateKey.key -config .\share\openssl.cmf
Generate a certificate signing request for an existing private key
openssl req -out CSR.csr -key privateKey.key -new
Generate a certificate signing request based on an existing x509 certificate
openssl x509 -x509toreq -in MYCRT.crt -out CSR.csr -signkey privateKey.key
Decrypt private key
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
Remove a passphrase from a private key
openssl rsa -in privateKey.pem -out newPrivateKey.pem
Checking commands
Use the following commands to check the information within a Certificate, CSR or Private Key. You can also check CSRs and certificates using our online tools.
Check a certificate signing request
openssl req -text -noout -verify -in CSR.csr
Check a private key
openssl rsa -in privateKey.key -check
Check a certificate
openssl x509 -in certificate.crt -text -noout
Check a PKCS#12 keystore
openssl pkcs12 -info -in keyStore.p12
Debugging commands
If you are receiving certificate errors, try one of the following commands to debug a SSL connection. Use our Site Check as well to check the certificate.
Check the MD5 hash of the public key
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5
Check an SSL connection. All certificates (also intermediates) should be shown
openssl s_client -connect https://www.paypal.com:443
Converting commands
Use the following commands to convert certificates and keys to different formats to make them compatible with specific types of servers or software. For example, convert a normal PEM file that would work with Apache to a PFX (PKCS#12) file for use with Tomcat or IIS.
Convert DER (.crt .cer .der) to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
Convert PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
Convert PKCS#12 (.pfx .p12) to PEM containing both private key and certificates
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
add -nocerts for private key only; add -nokeys for certificates only
Convert (add) a seperate key and certificate to a new keystore of type PKCS#12
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
'시스템 > linux' 카테고리의 다른 글
| [펌] ubuntu 14.04 LTS APM 설치방법 (0) | 2016.09.22 |
|---|---|
| 우분투 오라클 jdk java 설치 ( oracle jdk java installation on ubuntu ) (0) | 2016.02.01 |
| certtool를 이용한 자체 CA 및 셀프 ssl인증서 만들기 (1) | 2012.12.15 |
| gnutls 설명서 (0) | 2012.12.11 |
| ubuntu 64bit eclipse 설치 (0) | 2012.12.07 |