Linux-Apache-ModSSL

From DevRandom

Jump to: navigation, search

KEYS

Generate 1024 bit RSA key

openssl genrsa -out example.key 1024

Generate 2048 bit triple DES private key which has to be encrypted with pass phrase

openssl genrsa -des3 -out example.key 2048

Verify Key but don't print it to the screen

openssl rsa -in example.key -check -noout

Verify Key and print it to the screen

openssl rsa -in example.key -check

Change/Remove pass phrase in the private key

openssl rsa -in example.key -out example.key.new

Certificates

Generate a certificate signing request for an existing private key

openssl req -out example.csr -key example.key -new

Check a Certificate Signing Request

openssl req -text -noout -verify -in example.csr

Check a certificate

openssl x509 -in example.crt -text -noout

Check a certificate against a key. The modulus must match

openssl x509 -noout -modulus -in example.crt | openssl md5
openssl rsa -noout -modulus -in example.key | openssl md5

Display the certificate fingerprints (MD5 and SHA1)

openssl x509 -noout -fingerprint -in example.crt
openssl x509 -noout -sha1 -fingerprint -in example.crt

Who issued the cert

openssl x509 -noout -in example.pem -issuer

Dates valid

openssl x509 -noout -in example.pem -dates

Other Commands

List all available ciphers

openssl ciphers -v

List only TLSv1 ciphers

openssl ciphers -v -tls1

List only high encryption ciphers

openssl ciphers -v 'HIGH'

Check if the server has the ciphers enabled

 openssl s_client -connect www.example.com:443 -cipher LOW
 openssl s_client -connect www.example.com:443 -cipher MEDIUM
 openssl s_client -connect www.example.com:443 -cipher HIGH

Retrieved from "http://www.sriramrajan.com/wiki/Linux-Apache-ModSSL"

Views

Page

Personal tools

Log in

About Me

Blog

Contact Me

Resume

Photos

Search