#title OpenSSL Usage
#author Stefan Hornburg (Racke)
#topics blog; OpenSSL
#lang en

Useful site with SSL commands, CSR and certificate decoder:

[[https://redkestrel.co.uk/articles/openssl-commands/]]

** Display certificate request

<example>

$ openssl req -noout -text -in /etc/apache2/ssl/server2016.csr

</example>

** Display to whom it was issued from PEM file

<example>

$ openssl x509 -noout -in imapd.pem -subject

</example>

** Display certificate

<example>

$ openssl x509 -noout -text -in /etc/apache2/ssl/server2016.crt

</example>

** Create key

<example>

$ openssl genrsa 2048 > www.linuxia.de.key

</example>

** Create certificate request from existing key (SHA2)

<example>

$ openssl req -new -key www.linuxia.de.key -sha256 -out server2016.csr

</example>

** Create certificate request from existing certificate and key

<example>
$ openssl x509 -x509toreq -in www.linuxia.de.crt -out www.linuxia.de.csr
-signkey www.linuxia.de.key
</example>


** Show public key for private key

<example>
$ openssl rsa -in www.linuxia.de.key -pubout
</example>

** Convert certificates to PEM format

{{{
$ openssl x509 -inform der -in linuxia.crt -out linuxia.pem 
}}}

** Test SSL connection and print out SSL certificate

{{{
$ openssl s_client -connect  192.168.26.241:443
}}}

** Connect to SMTP server with STARTTLS

{{{
$ openssl s_client -connect  192.168.26.241:25 --starttls smtp
}}}

** Remove passphrase from private key

{{{
$ openssl rsa -in www.linuxia.de.pass.key -outform PEM -pubout -out www.linuxia.de.key
}}}

** HOWTO

For more information, check the [[http://www.madboa.com/geek/openssl/][OpenSSL Command-Line HOWTO]].