Differences

This shows you the differences between two versions of the page.

--- wiki:openssl_commands [2022/10/24 13:48] – add See also antisa
+++ wiki:openssl_commands [2025/10/16 08:46] (current) – add CSR check command and fix indent antisa
@@ Line 2: / Line 2: @@
 ====== Openssl commands ======
+===== Check CSR =====
+  openssl req -text -noout -verify -in google.com.csr
 ===== Get cert expiration date from cert file =====
-   openssl x509 -enddate -noout -in /etc/letsencrypt/live/example.com/cert.pem
+  openssl x509 -enddate -noout -in /etc/letsencrypt/live/example.com/cert.pem
 ===== Verfiy certs =====
-   openssl verify -CAfile certs/rootCA.crt certs/client.crt
+  openssl verify -CAfile certs/rootCA.crt certs/client.crt
-   openssl verify -CAfile certs/rootCA.crt certs/server.crt
+  openssl verify -CAfile certs/rootCA.crt certs/server.crt
 ===== Query site for expiration date =====
@@ Line 35: / Line 38: @@
 ===== Get cert file from site =====
-  openssl s_client -connect example.com:443 -servername example.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt
+  openssl s_client -connect example.com:443 -servername example.com < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text -noout
+<WRAP center round info 60%>
+-connect can be the IP address of a server and is not necessarily the same as the -servername. Use -servername when sharing multiple SSL hosts on a single IP address,
+</WRAP>
 ===== Get OCSP stapling info =====
@@ Line 107: / Line 114: @@
   * https://www.xolphin.com/support/OpenSSL/Frequently_used_OpenSSL_Commands
   * https://www.namecheap.com/support/knowledgebase/article.aspx/9781/2238/nginx-ssl-error0b080074x509-certificate-routines-x509checkprivatekeykey-values-mismatch
+  * https://stackoverflow.com/questions/7885785/using-openssl-to-get-the-certificate-from-a-server
+  * https://pleasantpasswords.com/info/pleasant-password-server/b-server-configuration/3-installing-a-3rd-party-certificate/openssl-commands