OpenSSL Commands - Certificate & Security Management Tool

Master OpenSSL commands for certificate management, key generation, encryption, and more. This comprehensive cheat-sheet provides essential OpenSSL commands for developers and system administrators.

OpenSSL Commands

OpenSSL Certificate Management Commands

OpenSSL is a powerful toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) cryptography, as well as a general-purpose cryptography library. This section covers essential commands for managing digital certificates.

Certificate Generation and Signing

| Command | Description |
| --- | --- |
| `openssl req -new -key <key> -out <csr>` | Generate a new Certificate Signing Request (CSR) using an existing private key. |
| `openssl req -x509 -key <key> -in <csr> -out <cert>` | Generate a self-signed certificate from a private key and CSR. Useful for testing and development environments. |
| `openssl ca -in <csr> -out <cert>` | Sign a certificate request using a Certificate Authority (CA). |
| `openssl ca -config <config> -in <csr> -out <cert>` | Sign a certificate request with a custom CA configuration file. |
| `openssl verify -CAfile <ca> <cert>` | Verify the validity of a certificate against a specified Certificate Authority file. |

Certificate Information and Extraction

| Command | Description |
| --- | --- |
| `openssl x509 -in <cert> -text -noout` | Display detailed information about an X.509 certificate, such as subject, issuer, and validity dates. |
| `openssl x509 -in <cert> -pubkey -noout` | Extract the public key from an X.509 certificate. |
| `openssl x509 -in <cert> -fingerprint -noout` | Display the fingerprint (hash) of a certificate for identification. |

OpenSSL Key Management Commands

Securely manage your private and public keys using these OpenSSL commands.

Key Generation and Conversion

| Command | Description |
| --- | --- |
| `openssl genrsa -out <key> 2048` | Generate a new RSA private key with a key size of 2048 bits. |
| `openssl rsa -in <key> -pubout -out <pub_key>` | Extract the public key from an RSA private key. |
| `openssl rsa -in <key> -out <new_key>` | Read an RSA private key and write it to a new file. Used with `-outform` to convert it to a different format or with a cipher option (for example `-aes256`) to encrypt it. |
| `openssl rand -hex 16` | Generate 16 random bytes as a hexadecimal string (32 characters). |
| `openssl rand -base64 32` | Generate 32 random bytes as a base64-encoded string. |
| `openssl rand -base64 -out <file> 32` | Generate 32 random bytes as a base64-encoded string and save it to a specified file. |
| `openssl rand -out <file> 32` | Generate 32 random bytes in binary form and save them to a file. |
| `openssl rand -hex 32` | Generate 32 random bytes as a hexadecimal string (64 characters). |
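
The commands from the certificate and key tables above chained into one workflow, as an added example that is not part of the original cheat sheet: it creates a key, a CSR and a self-signed certificate in a temporary directory, verifies the certificate, and checks that the private key matches it. The file names, the `/CN=test.example` subject, the `-days 30` validity and the two function names are assumptions made for the example.

```sh
#!/bin/sh
# Added example. File names, subject and validity are constructed values.

# Create a key, a CSR and a self-signed certificate in directory $1.
make_test_cert() {
    dir=$1
    openssl genrsa -out "$dir/test.key" 2048 2>/dev/null || return 1
    chmod 600 "$dir/test.key"   # private key: owner-only access
    # -subj (assumed value) supplies the subject so req does not prompt.
    openssl req -new -key "$dir/test.key" -subj "/CN=test.example" \
        -out "$dir/test.csr" || return 1
    # Self-sign the CSR with the same key; -days 30 is an assumed validity.
    openssl req -x509 -key "$dir/test.key" -in "$dir/test.csr" -days 30 \
        -out "$dir/test.crt" || return 1
}

# Return 0 if private key $1 and certificate $2 hold the same public key,
# 1 if they differ, 2 if either file cannot be read.
key_matches_cert() {
    key_pub=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Demo run in a throwaway directory.
workdir=$(mktemp -d) || exit 1
make_test_cert "$workdir" || { rm -rf "$workdir"; exit 1; }
# A self-signed certificate is its own trust anchor, so it is passed as the CA file.
openssl verify -CAfile "$workdir/test.crt" "$workdir/test.crt"
if key_matches_cert "$workdir/test.key" "$workdir/test.crt"; then
    echo "key matches certificate"
else
    echo "key does NOT match certificate"
fi
rm -rf "$workdir"
```

The key/certificate comparison is the check to run before deploying a renewed certificate, since a mismatched pair makes the server fail at TLS startup.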

OpenSSL Certificate Conversion

Convert certificates between various formats for compatibility with different systems and applications.

| Command | Description |
| --- | --- |
| `openssl pkcs12 -export -in <cert> -inkey <key> -out <file>` | Export a certificate and its private key into a PKCS#12 (PFX) file, often password protected. |
| `openssl pkcs12 -in <file> -out <cert> -nodes` | Extract a certificate and its private key from a PKCS#12 file. The `-nodes` option prevents encrypting the private key. |
| `openssl x509 -in <cert> -outform DER -out <file>` | Convert a certificate from PEM format to DER (binary) format. |
| `openssl x509 -in <cert> -outform PEM -out <file>` | Convert a certificate to PEM (Privacy-Enhanced Mail) format, which is text-based. |

OpenSSL Encryption and Hashing

Utilize OpenSSL for secure file encryption and integrity checking using cryptographic hashes.

| Command | Description |
| --- | --- |
| `openssl enc -aes-256-cbc -salt -in <file> -out <encrypted_file>` | Encrypt a file using the AES-256-CBC cipher with a salt. You will be prompted for a password. |
| `openssl enc -d -aes-256-cbc -in <file> -out <decrypted_file>` | Decrypt a file that was encrypted with AES-256-CBC. You will be prompted for the password. |
| `openssl dgst -sha256 <file>` | Calculate the SHA-256 cryptographic hash of a file. |
| `openssl dgst -md5 <file>` | Calculate the MD5 cryptographic hash of a file. Note: MD5 is considered cryptographically weak for security purposes. |

Miscellaneous OpenSSL Utilities

A collection of other useful OpenSSL commands for system administration and security tasks.

| Command | Description |
| --- | --- |
| `openssl version` | Display the installed version of OpenSSL. |
| `openssl s_client -connect <host>:<port>` | Establish an SSL/TLS connection to a remote server to inspect its certificate and connection details. |
| `openssl s_server -accept <port> -cert <cert> -key <key>` | Start a simple SSL/TLS server for testing purposes, using the specified certificate and private key. |
| `openssl speed` | Run benchmark tests on various OpenSSL cryptographic algorithms to measure performance. |
| `openssl ciphers -v` | List all cipher suites supported by OpenSSL, including their details. |

For more in-depth information on OpenSSL commands and their options, refer to the official OpenSSL documentation.