Difference between revisions of "Openssl"
Revision as of 05:29, 9 March 2013
openssl
Creating self-signed pem certificates for HTTPS
We can create self-signed PEM certificates with openssl for HTTPS, SMTPS, etc. using:
openssl req -x509 -nodes -days 9999 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
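The lifetime of the certificate is set to 9999 days so that it effectively never expires. Note that -nodes writes the private key unencrypted, and that here the key and the certificate end up in the same file, mycert.pem. A 1024-bit RSA key is also considered too weak today, so rsa:2048 or larger is the safer choice.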
Creating certificate request with OpenSSL
To create certificate request with OpenSSL we can use:
openssl genrsa -des3 -out client1.key 2048
openssl req -new -key client1.key -days 365 -out client1.csr
Remember the password supplied while generating the key, as it will be asked for whenever we generate a new request with that key. The challenge password requested at the end of creating a new certificate request can be left blank.
Checking whether a given certificate and key pair match
To check whether a given key and certificate pair match one can use:
openssl rsa -noout -modulus -in <key-file> | openssl md5
openssl x509 -noout -modulus -in <certificate-file> | openssl md5
If both commands produce exactly the same output, the certificate and key pair match; otherwise there is a problem. Note that, as per http://stackoverflow.com/questions/4658484/ssl-install-problem-key-value-mismatch-but-they-do-match, just matching the modulus is not enough. Not sure if it is really so or not.
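A stricter variant of the check above, as an added example that is not part of the original wiki page: it compares the whole public key (for RSA, modulus and exponent) instead of only the modulus, so it also works for non-RSA keys. The function names, file names and the CN are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: compare the public key inside a certificate with the
# public key derived from a private key.
# Exit status: 0 = match, 1 = mismatch, 2 = an input could not be read.
# An encrypted key (such as one made with -des3) prompts for its password.
cert_matches_key() {
    cert=$1
    key=$2
    # Both commands emit the same PEM SubjectPublicKeyInfo structure.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    # Guard against two empty outputs comparing as "equal".
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample material: two fresh keys, and a short-lived
# self-signed certificate for the first key only.
make_samples() {
    dir=$1
    openssl genrsa -out "$dir/a.key" 2048 2>/dev/null
    openssl genrsa -out "$dir/b.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$dir/a.key" -days 1 \
        -subj "/CN=example.test" -out "$dir/a.crt" 2>/dev/null
}

# Demonstration on the constructed files.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
cert_matches_key "$demo_dir/a.crt" "$demo_dir/a.key" && echo "a.crt and a.key: match"
cert_matches_key "$demo_dir/a.crt" "$demo_dir/b.key" || echo "a.crt and b.key: mismatch"
rm -rf "$demo_dir"
```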
Converting certificates from one format to another
A very useful article on checking the certificate type and on converting between types is available at https://support.ssl.com/index.php?/Knowledgebase/Article/View/19. The article highlights the differences between the DER, CRT, CER and PEM certificate types.