Generate CSR + Private Key
openssl req -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mail.key -out mailcert.csr
Generate self-signed certificate + private key
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
Generate random password
openssl rand -base64 6
Get remote certificate expiration date
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -dates
Get remote certificate
openssl s_client -showcerts -servername www.example.com -connect www.example.com:443
Check TLS Connection
openssl s_client -connect 172.24.17.1:443 -tls1_2
decrypt a private key to stop apache asking the password every time apache is restarted
openssl rsa -in key.pem -out newkey.pem
show specifics for a certificate
openssl x509 -text -noout -in /etc/pki/tls/certs/2018-www.avloni.com.crt
Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key
openssl x509 -noout -modulus -in certificate.crt | openssl md5 openssl rsa -noout -modulus -in privateKey.key | openssl md5 openssl req -noout -modulus -in CSR.csr | openssl md5
Certificate Expiration Time
openssl x509 -enddate -noout -in file.pem