OpenSSL Commands
Generate SSL Certificates with OpenSSL
OpenSSL is a powerful command-line tool for managing SSL/TLS certificates and performing cryptographic operations. This section covers essential commands for generating private keys, Certificate Signing Requests (CSRs), and self-signed certificates.
# To create a 2048-bit private key:
openssl genrsa -out server.key 2048
# To create the Certificate Signing Request (CSR):
openssl req -new -key server.key -out server.csr
# To sign a certificate using a private key and CSR:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# (The above commands may be run in sequence to generate a self-signed SSL certificate.)
Inspect and Verify Certificates
After generating or obtaining certificates, it's crucial to inspect their details and verify their integrity. These OpenSSL commands allow you to view certificate information, fingerprints, and expiration dates.
# To show certificate information for a certificate signing request:
openssl req -text -noout -in server.csr
# To show certificate information for a generated certificate:
openssl x509 -text -noout -in server.crt
# To get the SHA-256 fingerprint of a certificate:
openssl x509 -in server.crt -noout -sha256 -fingerprint
# To view certificate expiration (-servername sends SNI so a virtual host returns its own certificate, not the default one):
echo | openssl s_client -servername <hostname> -connect <hostname>:443 2> /dev/null | \
awk '/-----BEGIN/,/END CERTIFICATE-----/' | \
openssl x509 -noout -enddate
Advanced OpenSSL Operations
Explore more advanced OpenSSL functionality, including generating Diffie-Hellman parameters for ephemeral DHE key exchange and testing the TLS handshake of an HTTPS server.
# To generate Diffie-Hellman parameters:
openssl dhparam -outform PEM -out dhparams.pem 2048
# To test an HTTPS server (performs the TLS handshake and prints the certificate chain; HTTPS listens on 443):
openssl s_client -connect 10.240.2.130:443
High-Quality Symmetric Encryption with OpenSSL
Achieve robust data security using OpenSSL's symmetric encryption capabilities. The following commands demonstrate a recommended set of options for strong encryption, emphasizing the importance of a secure password.
# High-quality options for openssl for symmetric (secret key) encryption
# This is what knowledgeable people consider a good set of options for
# symmetric encryption with openssl to give you a high-quality result.
# Also, always remember that the result is only as good as the password
# you use. You must use a strong password, otherwise encryption is meaningless.
openssl enc -e -aes-256-cbc \
-salt \
-pbkdf2 \
-iter 1000000 \
-md sha512 \
-base64 \
-in somefile \
-out somefile.enc # to encrypt
openssl enc -d -aes-256-cbc \
-salt \
-pbkdf2 \
-iter 1000000 \
-md sha512 \
-base64 \
-in somefile.enc \
-out somefile # to decrypt
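The key/CSR/self-signed sequence from the first section and the symmetric options just above, run end to end with the checks a practitioner does before trusting the output. This is an added example, not part of the original cheat sheet; it assumes openssl is on PATH, that mktemp is available, and the constructed file names server.key, server.csr, server.crt and somefile.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet. Runs the page's
# key -> CSR -> self-signed certificate sequence non-interactively, checks
# the result the way you would before deploying it, then round-trips the
# page's symmetric-encryption options. Assumes: openssl in PATH, mktemp.
set -eu
WORK="${WORK:-$(mktemp -d)}"

# Step 1: the three page commands; -subj supplies the CSR subject so nothing prompts
make_self_signed() {
    openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null
    openssl req -new -key "$WORK/server.key" -out "$WORK/server.csr" \
        -subj "/CN=example.test" 2>/dev/null
    openssl x509 -req -days 365 -in "$WORK/server.csr" \
        -signkey "$WORK/server.key" -out "$WORK/server.crt" 2>/dev/null
}

# Check A: the public key inside the certificate must be the one derived from server.key
cert_matches_key() {
    k=$(openssl pkey -in "$WORK/server.key" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$WORK/server.crt" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Check B: -checkend exits non-zero if the certificate expires within N days
cert_valid_for_days() {
    openssl x509 -in "$WORK/server.crt" -noout -checkend $(( $1 * 86400 )) >/dev/null
}

# Step 2: the page's symmetric options; -pass pass: keeps this non-interactive
# (for real files use -pass file:... or the prompt rather than a password on argv).
ENC_OPTS="-aes-256-cbc -salt -pbkdf2 -iter 1000000 -md sha512 -base64"
enc_roundtrip_ok() {  # $1 = encryption password, $2 = decryption password
    printf 'constructed sample plaintext\n' > "$WORK/somefile"
    openssl enc -e $ENC_OPTS -pass "pass:$1" -in "$WORK/somefile" -out "$WORK/somefile.enc"
    : > "$WORK/somefile.dec"
    # a wrong password fails the PKCS#7 padding check ("bad decrypt") or yields garbage
    openssl enc -d $ENC_OPTS -pass "pass:$2" -in "$WORK/somefile.enc" \
        -out "$WORK/somefile.dec" 2>/dev/null \
        && [ "$(cat "$WORK/somefile")" = "$(cat "$WORK/somefile.dec")" ]
}
```

Source the file, call make_self_signed, then the two checks and enc_roundtrip_ok with matching passwords; each function's exit status is the result.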
For further details on OpenSSL commands and cryptographic standards, refer to the official OpenSSL documentation, and to RFC 7159, which defines the JSON format often used alongside secure data handling.