#title OpenSSL Usage
#author Stefan Hornburg (Racke)
#topics blog; OpenSSL
#lang en

Useful site with SSL commands, CSR and certificate decoder:

[[https://redkestrel.co.uk/articles/openssl-commands/]]

Display certificate request:

<example>

openssl req -noout -text -in /etc/apache2/ssl/server2016.csr

</example>

Display to whom it was issued from PEM file:

<example>

openssl x509 -noout -in imapd.pem -subject

</example>

Display certificate:

<example>

openssl x509 -noout -text -in /etc/apache2/ssl/server2016.crt

</example>

Create key:

<example>

openssl genrsa 2048 > www.linuxia.de.key

</example>

Create certificate request from existing key (SHA2):

<example>

openssl req -new -key www.linuxia.de.key -sha256 -out server2016.csr

</example>

Create certificate request from existing certificate and key:

<example>
openssl x509 -x509toreq -in www.linuxia.de.crt -out www.linuxia.de.csr
-signkey www.linuxia.de.key
</example>

Show public key information:

<example>
openssl rsa -in www.linuxia.de.key -pubout
</example>

Test SSL connection and print out SSL certificate:

{{{
openssl s_client -connect  192.168.26.241:443
}}}

Connect to SMTP server with STARTTLS:

{{{
openssl s_client -connect  192.168.26.241:25 --starttls smtp
}}}

For more information, check the [[http://www.madboa.com/geek/openssl/][OpenSSL Command-Line HOWTO]].