Useful openssl commands
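# OpenSSL request configuration (openssl.cnf syntax, '#' comments).
# The "openssl req" commands in this gist do not pass -config, so this file
# only takes effect if it is installed as the default openssl.cnf or selected
# explicitly (openssl req -config FILE, or the OPENSSL_CONF environment variable).
# The trailing "| |" table residue from the page rendering has been removed;
# left in place it would break the section headers and leak into every value.

[ req ]
# RSA key size; used only when "openssl req" generates the key itself.
default_bits = 4096
# Digest used to sign the request or self-signed certificate.
default_md = sha256
# File a key generated by "openssl req" is written to.
default_keyfile = private.key
distinguished_name = req_distinguished_name
attributes = req_attributes
# Extensions added to a self-signed certificate (openssl req -x509).
# Both settings point at v3_user_req, so a certificate produced with -x509 is
# marked CA:FALSE. The v3_ca section below is not referenced here and must be
# selected explicitly (for example with -extensions v3_ca).
x509_extensions = v3_user_req
# Extensions added to a certificate signing request.
req_extensions = v3_user_req

# Prompts, defaults and length limits for the subject name fields.
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = DE
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Baden-Wuerttemberg
localityName = Locality Name (eg, city)
localityName_default = Stuttgart
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Klingele
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default =
# Current TLS clients match host names against subjectAltName, not commonName;
# see the note in [ v3_user_req ].
commonName = Common Name (eg, fully qualified host name)
commonName_max = 64
emailAddress = Email Address
# "[email protected]" is the page's e-mail redaction marker, not a real
# address; replace it with your own default before use.
emailAddress_default = [email protected]
emailAddress_max = 64

# The challenge password is stored in the CSR in clear text and can be read by
# anyone who sees the request. Never reuse a real password here.
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

# CA profile. Grants the right to sign other certificates, so use it only for
# keys that are stored and handled as CA keys.
[ v3_ca ]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

# End-entity profile used for both CSRs and self-signed certificates.
[ v3_user_req ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
# keyEncipherment only applies to RSA key transport; for the EC key from the
# secp384r1 recipe only digitalSignature is meaningful.
keyUsage = digitalSignature, keyEncipherment
# No subjectAltName is set. A server certificate needs one for host-name
# verification to succeed in current clients, e.g. (placeholder name):
# subjectAltName = DNS:host.example.invalid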
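# OpenSSL command recipes. Each key recipe writes private.key in the current
# directory and overwrites an existing file of that name.
#
# Key generation runs in a subshell with umask 0177 so the new key file is
# created owner-read/write only, and the caller's own umask is left untouched
# (the original forced it to 0022 afterwards, which loosens a stricter setting).
# umask only affects newly created files: if private.key already exists, its
# old mode is kept, so check it (chmod 600 private.key) before reusing the name.
# The keys are stored unencrypted; file permissions are their only protection.

# CSR, RSA 4096 bit
( umask 0177 && openssl genrsa 4096 > private.key )
# -nodes has no effect when -key supplies an existing key (OpenSSL 3.0 spells
# the option -noenc); it is kept here to match the original recipe.
openssl req -new -key private.key -sha256 -nodes -out request.csr

# CSR, Curve secp384r1
( umask 0177 && openssl ecparam -genkey -name secp384r1 -out private.key )
openssl req -new -nodes -key private.key -out request.csr

# Self-signed certificate, RSA 4096, validity: 1 year
( umask 0177 && openssl genrsa 4096 > private.key )
openssl req -new -key private.key -sha256 -nodes -x509 -days 365 -out public.crt

# Show certificate fingerprint
# SHA-1 is shown only for matching against legacy displays; rely on the
# SHA-256 value when comparing certificates.
openssl x509 -noout -sha1 -fingerprint -in public.crt
openssl x509 -noout -sha256 -fingerprint -in public.crt

# View certificate
openssl x509 -noout -text -in public.crt

# View CSR (-verify also checks the request's self-signature)
openssl req -noout -text -verify -in request.csr

# HPKP
# Prints the base64 SHA-256 hash of the SubjectPublicKeyInfo. HTTP Public Key
# Pinning itself has been removed from major browsers; the value remains usable
# wherever SPKI pins are accepted. "openssl pkey" is used instead of
# "openssl rsa" so the pipeline also works for the EC key recipe above.
openssl x509 -noout -pubkey -in public.crt | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
openssl req -noout -pubkey -in request.csr | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64

# Generate Diffie-Hellman parameters (4096-bit generation can take a long time)
openssl dhparam -out dhparam4096.pem 4096

# Supported TLS1.0+ ciphers
# TLS 1.0 and 1.1 are deprecated (RFC 8996); use this list for auditing, not as
# a recommended server configuration.
openssl ciphers -v -tls1

# Benchmark
openssl speed
openssl speed aes
openssl speed rsa
openssl speed ecdsa

# Show curves
openssl ecparam -list_curves

# Test TLS
# s_client completes the handshake even when chain verification fails: read the
# "Verify return code" line in the output, or add -verify_return_error to abort
# on failure. The host name is not checked unless -verify_hostname is given.
openssl s_client -connect leonklingele.de:443 -tlsextdebug -status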