wiki:openssl_commands
This is an old revision of the document!
Table of Contents
Openssl commands
Get cert expiration date from cert file
openssl x509 -enddate -noout -in /etc/letsencrypt/live/example.com/cert.pem
Verfiy certs
openssl verify -CAfile certs/rootCA.crt certs/client.crt
openssl verify -CAfile certs/rootCA.crt certs/server.crt
Query site for expiration date
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -dates -issuer
Determine a Key Size from
Private Key
openssl rsa -in secret.key -text -noout | grep "Private-Key"
Public Key
openssl pkey -inform PEM -pubin -in pub.key -text -noout
Display the contents of a PEM formatted certificate
openssl x509 -in example.com.pem -text
Test explicit TLS with FTPS server
openssl s_client -starttls ftp -connect localhost:21
Get cert file from site
openssl s_client -connect example.com:443 -servername example.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt
Get OCSP stapling info
echo QUIT | openssl s_client -servername www.example.com:443 -connect xx.xxx.xxx.xx:443 -status 2> /dev/null | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'
wiki/openssl_commands.1635936687.txt.gz · Last modified: 2021/11/03 10:51 by antisa