OpenSSL commands

Get cert expiration date from cert file

 openssl x509 -enddate -noout -in /etc/letsencrypt/live/example.com/cert.pem

Verify certs

 openssl verify -CAfile certs/rootCA.crt certs/client.crt
 openssl verify -CAfile certs/rootCA.crt certs/server.crt

Query site for expiration date

echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -dates -issuer

Determine a Key Size from

Private Key

 openssl rsa -in secret.key -text -noout | grep "Private-Key"

Public Key

 openssl pkey -inform PEM -pubin -in pub.key -text -noout

Display the contents of a PEM formatted certificate

 openssl x509 -in example.com.pem -text

Test explicit TLS with FTPS server

 openssl s_client -starttls ftp -connect localhost:21

Get cert file from site

openssl s_client -connect example.com:443 -servername example.com < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt

Get OCSP stapling info

echo QUIT | openssl s_client -servername www.example.com -connect xx.xxx.xxx.xx:443 -status 2> /dev/null | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'

Check if certificate is valid with private key

If you get an error like

Oct 23 17:55:05 hpb01-rp nginx[2837]: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/some.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

Check certificate and private key

openssl x509 -in /path/to/yourdomain.crt -noout -modulus | openssl sha1
openssl rsa -in /path/to/your.key -noout -modulus | openssl sha1

Both commands must print the same SHA-1 sum. If the sums differ, the private key does not belong to the certificate.
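The modulus comparison above only applies to RSA keys. The following added example (not part of the original wiki page) goes beyond it by comparing the full public key, so it also covers EC keys. The function names, file names and the example.test subject are assumptions made for the example, and the sample key material is constructed on the fly.

```shell
#!/bin/sh
# Added example: check that a private key belongs to a certificate by
# comparing public keys instead of the RSA-only modulus.

# cert_matches_key CERT KEY
# returns 0 = match, 1 = mismatch, 2 = a file could not be read/parsed
cert_matches_key() {
    cmk_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    cmk_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    # An empty result must never count as a match.
    [ -n "$cmk_cert" ] && [ "$cmk_cert" = "$cmk_key" ]
}

# make_sample DIR
# Constructed test material: two EC P-256 keys and a self-signed
# certificate issued for the first key only.
make_sample() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$1/a.key" 2>/dev/null
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$1/b.key" 2>/dev/null
    openssl req -new -x509 -key "$1/a.key" -subj "/CN=example.test" \
        -days 1 -out "$1/a.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for demo_key in a.key b.key; do
    if cert_matches_key "$demo_dir/a.crt" "$demo_dir/$demo_key"; then
        echo "a.crt + $demo_key: match"
    else
        echo "a.crt + $demo_key: MISMATCH"
    fi
done
rm -rf "$demo_dir"
```

A return code of 2 separates an unreadable or malformed file from a genuine key mismatch, which is useful when the check runs in a deployment script before nginx is reloaded.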

wiki/openssl_commands.1666182699.txt.gz · Last modified: 2022/10/19 14:31 by antisa
