Frequently used OpenSSL Commands (2024)

General OpenSSL Commands

The following commands show how to create CSRs, certificates and private keys, in addition to a few other tasks using OpenSSL.

  • Generate a new private key and CSR (Unix)
      openssl req -utf8 -nodes -sha256 -newkey rsa:2048 -keyout server.key -out server.csr
      openssl req -out CSR.csr -pubkey -new -keyout privateKey.key
  • Generate a new private key and CSR (Windows) openssl req -out CSR.csr -pubkey -new -keyout privateKey.key -config .\share\openssl.cnf
  • Generate a CSR for an existing private key openssl req -out CSR.csr -key privateKey.key -new
  • Generate a CSR based on an existing certificate openssl x509 -x509toreq -in MYCRT.crt -out CSR.csr -signkey privateKey.key
  • Generate a self-signed certificate openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
  • Remove a password from a private key openssl rsa -in privateKey.pem -out newPrivateKey.pem

Check the CSR, Private Key or Certificate using OpenSSL

Use the following commands to check the information of a certificate, CSR or private key. Our online tools can also be used for this purpose.

  • Check a CSR openssl req -text -noout -verify -in CSR.csr
  • Check a private key openssl rsa -in privateKey.key -check
  • Check a certificate openssl x509 -in certificate.crt -text -noout
  • Check a PKCS#12 file (.pfx or .p12) openssl pkcs12 -info -in keyStore.p12

Debugging with OpenSSL

If you see error messages such as 'the Private Key does not match the Certificate' or 'the Certificate is not Trusted', you can use one of the following commands. You can also use our online SSL Check tool to check the certificate.

  • Check the MD5 hash of the public key (modulus) in the certificate to see whether it is equal to what is in the private key or CSR. All three commands must print the same hash.
      openssl x509 -noout -modulus -in certificate.crt | openssl md5
      openssl rsa -noout -modulus -in privateKey.key | openssl md5
      openssl req -noout -modulus -in CSR.csr | openssl md5
  • Check an SSL connection. All certificates (also intermediate certificates) should be displayed. openssl s_client -connect www.paypal.com:443
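
The modulus comparison above as a script, added here as an example and not part of the original page. It assumes RSA keys, uses SHA-256 in place of MD5 for the digest (either works for an equality check), and the helper and file names are constructed for the demonstration:

```shell
#!/bin/sh
# Added example: confirm that a certificate, CSR and RSA private key belong together.
# File names and helper names are assumptions made for this demonstration.

# Print a SHA-256 digest of the RSA modulus; $1 is the subcommand (x509, req or rsa).
modulus_digest() {
    mod=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$mod" ] || return 1      # unreadable input must never compare as "equal"
    printf '%s\n' "$mod" | openssl sha256 | awk '{print $NF}'
}

# Exit status 0: all three share one modulus. 1: mismatch. 2: a file could not be read.
pair_matches() {
    crt=$(modulus_digest x509 "$1") || return 2
    csr=$(modulus_digest req "$2") || return 2
    key=$(modulus_digest rsa "$3") || return 2
    [ "$crt" = "$csr" ] && [ "$crt" = "$key" ]
}

# Build constructed test material in directory $1: a matching key/CSR/certificate
# set plus one unrelated key, as happens when the wrong key file is deployed.
make_fixtures() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$1/good.key" -out "$1/site.csr" 2>/dev/null || return 1
    openssl x509 -req -days 1 -in "$1/site.csr" -signkey "$1/good.key" \
        -out "$1/site.crt" 2>/dev/null || return 1
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

work=$(mktemp -d)
make_fixtures "$work"
for k in good.key other.key; do
    if pair_matches "$work/site.crt" "$work/site.csr" "$work/$k"; then
        echo "$k: matches certificate and CSR"
    else
        echo "$k: does NOT match (status $?)"
    fi
done
rm -rf "$work"
```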

Convert certificates using OpenSSL

With the commands below, files can be converted to another format. This is sometimes necessary to make certificates or private keys suitable for different types of servers or software. A PEM file for Apache can, for example, be converted to a PFX (PKCS#12) file for use with Tomcat or IIS.

  • Convert a DER file (.crt .cer .der) to PEM openssl x509 -inform der -in certificate.cer -out certificate.pem
  • Convert a PEM file to DER openssl x509 -outform der -in certificate.pem -out certificate.der
  • Convert a PKCS#12 file (.pfx .p12) including the private key and certificate(s) to PEM openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Note: Add -nocerts to only convert the private key, or add -nokeys to convert only the certificates.

  • Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12) openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
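
The conversions above chained into one round trip, as an added example that is not part of the original page. The working directory, the certs.pem and key.*.pem output names and the export password are constructed; it shows that the certificate fingerprint survives each conversion and what -nodes changes in the key output:

```shell
#!/bin/sh
# Added example: round-trip one certificate and key through DER and PKCS#12.
# The directory, output names and password are constructed for the demonstration.
PW='pass:constructed-example-only'   # on a real host prefer file: or env: over pass:

# SHA-256 fingerprint of a certificate; $2 is its encoding (pem or der).
fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 | cut -d= -f2
}

key_is_encrypted() { grep -q 'BEGIN ENCRYPTED PRIVATE KEY' "$1"; }

# Create a throwaway key and self-signed certificate in $1, then convert them.
convert_all() {
    d=$1
    openssl req -x509 -nodes -days 1 -newkey rsa:2048 -subj "/CN=example.test" \
        -keyout "$d/privateKey.key" -out "$d/certificate.pem" 2>/dev/null || return 1
    openssl x509 -outform der -in "$d/certificate.pem" -out "$d/certificate.der" || return 1
    openssl pkcs12 -export -out "$d/keyStore.pfx" -inkey "$d/privateKey.key" \
        -in "$d/certificate.pem" -passout "$PW" || return 1
    # -nokeys: certificates only.
    openssl pkcs12 -in "$d/keyStore.pfx" -passin "$PW" -nokeys \
        -out "$d/certs.pem" 2>/dev/null || return 1
    # -nocerts without -nodes: the key is written encrypted under -passout.
    openssl pkcs12 -in "$d/keyStore.pfx" -passin "$PW" -nocerts -passout "$PW" \
        -out "$d/key.enc.pem" 2>/dev/null || return 1
    # -nocerts with -nodes: the key is written in the clear, so restrict the file mode.
    ( umask 077; openssl pkcs12 -in "$d/keyStore.pfx" -passin "$PW" -nocerts -nodes \
        -out "$d/key.plain.pem" 2>/dev/null ) || return 1
}

work=$(mktemp -d)
convert_all "$work" && {
    echo "PEM : $(fingerprint "$work/certificate.pem" pem)"
    echo "DER : $(fingerprint "$work/certificate.der" der)"
    echo "PFX : $(fingerprint "$work/certs.pem" pem)"
    key_is_encrypted "$work/key.enc.pem"   && echo "key.enc.pem is encrypted"
    key_is_encrypted "$work/key.plain.pem" || echo "key.plain.pem is NOT encrypted"
}
rm -rf "$work"
```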

FAQs

What are OpenSSL commands?

General OpenSSL Commands

These commands allow you to generate CSRs, Certificates, Private Keys and do other miscellaneous tasks. Generate a new private key and Certificate Signing Request openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key.

How to check the CSR using OpenSSL?

Check the CSR, Private Key or Certificate using OpenSSL
  1. Check a CSR openssl req -text -noout -verify -in CSR.csr.
  2. Check a private key openssl rsa -in privateKey.key -check.
  3. Check a certificate openssl x509 -in certificate.crt -text -noout.
  4. Check a PKCS#12 file (.pfx or .p12) openssl pkcs12 -info -in keyStore.p12.

How to check SSL protocol using OpenSSL command?

Using OpenSSL s_client commands to test SSL connectivity
  1. In the command line, enter openssl s_client -connect <hostname>:<port>. This opens an SSL connection to the specified hostname and port and prints the SSL certificate.
  2. Check the availability of the domain from the connection results.

What does OpenSSL verify command do?

Check a certificate and return information about it (signing authority, expiration date, etc.)

What is OpenSSL for dummies?

OpenSSL is an open source software library useful for encryption and secure network communication. SSL stands for Secure Sockets Layer, a cryptographic communications protocol.

How to run OpenSSL in command prompt?

Solution
  1. In Windows, click Start > Run.
  2. In the Open box, type CMD and click OK.
  3. A command prompt window appears.
  4. Type the following command at the prompt and press Enter: cd \OpenSSL-Win32.
  5. The line changes to C:\OpenSSL-Win32.
  6. Type the following command at the prompt and press Enter: ...
  7. Restart computer (mandatory)

What is OpenSSL used for?

OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

How to check private key of a certificate in OpenSSL?

How do I verify that a private key matches a certificate? (...
  1. To verify the consistency of the RSA private key and to view its modulus: openssl rsa -modulus -noout -in myserver.key | openssl md5. ...
  2. To view the modulus of the RSA public key in a certificate: ...
  3. To search for all private keys on your server:

How to use OpenSSL to generate private keys?

Procedure
  1. Once installed, run the OpenSSL command prompt. Type openssl to start the application.
  2. To generate a new RSA private key, type: genrsa -out {path_to_pem_file} 2048. ...
  3. To generate a public key, type: rsa -pubout -in {path_private_pem} -out {path_public_pem}

What are OpenSSL ciphers?

The SSL-supported cipher suites represent the ciphers that are supported by that particular version of the SSL certificate for encrypting the data transmitted between the client and the server. TLS 1.2, the most extensively used version of TLS in the world, has 37 ciphers in total.

How to view certificate details in OpenSSL command?

To view a certificate using OpenSSL, you use the openssl x509 -in [certificate.crt] -text -noout command. This command allows you to view the details of a certificate stored in a file named certificate.

How do I close OpenSSL connection immediately?

You can press CTRL + C to quit or insert the echo command, which will terminate the OpenSSL test connection to the server immediately after a check.

How to tell if a certificate is being used?

There is an effortless way to check if a site uses SSL certificates. Every site that uses the SSL certificate system will have the HTTPS protocol specifier in its web address. While HTTP stands for HyperText Transfer Protocol, the S adds the security part provided by SSL.

How to decode CSR in OpenSSL?

You can use OpenSSL commands such as the 'openssl req' command to decode the CSR file. Can I read the text of a CSR in the command line? Yes, you can read the text of a CSR in the command line. Use the 'openssl req -text' command to view the contents of the CSR file.

How to check if a certificate is trusted or not?

You can verify the SSL certificate on your web server to make sure it is correctly installed, valid, trusted and doesn't give any errors to any of your users. To use the SSL Checker, simply enter your server's public hostname (internal hostnames aren't supported) in the box below and click the Check SSL button.

What does OpenSSL ciphers command do?

You can use the "openssl ciphers" command to see a list of available ciphers for OpenSSL (these are the ciphers available to the openssl client; this list is not related to the PingFederate service). Using a cipher not supported by the server results in an error similar to the following.

What is the OpenSSL RSA command?

DESCRIPTION. The rsa command processes RSA keys. They can be converted between various forms and their components printed out. Note: This command uses the traditional SSLeay compatible format for private key encryption: newer applications should use the more secure PKCS#8 format using the pkcs8 utility.

What is the difference between SSL and OpenSSL?

What is the difference between SSL and OpenSSL? Secure SSL: It is a certificate you install at the server. OpenSSL is a general-purpose cryptography library that provides an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.…

Article information

Author: Frankie Dare
