OpenSSL Cheatsheet

Formats

Base64 ⇒ PEM
Binary ⇒ DER

Export .p7b chain into .cer bundle

p7b has all the certs collapsed into a single one; this will break them back out into individual certs again

openssl pkcs7 -inform DER -outform PEM -in chain.p7b -print_certs > cert_bundle.crt

Retrieve cert from web server

openssl s_client -showcerts $serverFqdn:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > certificate.crt

View certificate information

openssl x509 -in certificate.crt -text -noout

Quick self-signed certificate

openssl req -nodes -new -x509 -keyout server.key -out server.cer \
  -subj "C=/US/ST=State/L=City/O=company/OU=unit/CN=www.example.com"

Generate standard CSR

openssl req -new \
  -newkey rsa:4096 -nodes -keyout hostname.key \
  -out hostname.csr \
  -subj "/C=US/ST=State/L=City/O=company/OU=unit/CN=www.example.com"

For CSR w/ SAN: Generate CSR with SAN

Review CSR

openssl req -text -noout -verify -in csr.csr

[ notes to myself ]

Explorer

OpenSSL Cheatsheet

Formats

Export .p7b chain into .cer bundle

Retrieve cert from web server

View certificate information

Quick self-signed certificate

Generate standard CSR

Review CSR

Table of Contents

Backlinks