Search This Blog

Google Analytics

Wednesday, April 10, 2024

Useful openssl commands to generate certificates and keys

I hope the following will come handy when it comes to generating key pairs and certificates.
# Generate a Private Key
openssl genrsa -out privatekey.pem 2048

# Generate a self-signed certificate
openssl req -new -x509 -key privatekey.pem -out self_signed_certificate.pem -days 365

# Convert PEM certificate to CER format
openssl x509 -inform PEM -in self_signed_certificate.pem -outform DER -out self_signed_certificate.cer

# Convert a PEM certificate to a PFX (PKCS#12) file
openssl pkcs12 -export -out certificate.pfx -inkey privatekey.pem -in self_signed_certificate.pem

# Extract a private key from a PFX file (contain bag attributes)
# openssl pkcs12 -in certificate.pfx -nocerts -nodes -out privatekey_frompfx.pem
openssl pkcs12 -in certificate.pfx -nocerts -nodes -out privatekey_frompfx.key

# Extract a private key (no bag attributes) - identical to privatekey.pem
openssl rsa -in privatekey_frompfx.key -out privatekey_frompfx.key

# Extract public key from key pair
openssl rsa -in privatekey_frompfx.key -pubout -out publickey.key
#openssl rsa -in privatekey.pem -pubout -out publickey2.key

# Convert CER to CRT
openssl x509 -inform DER -in self_signed_certificate.cer -out self_signed_certificate.crt
#openssl x509 -inform PEM -in self_signed_certificate.cer -out self_signed_certificate.crt

# Convert CRT to CER
openssl x509 -in self_signed_certificate.crt -outform DER -out self_signed_certificate2.cer

#####
# Generate a Certificate Signing Request (CSR) - optional if going to generate a self-signed
#openssl req -new -key privatekey.pem -out certificate_request.csr
#openssl x509 -req -in certificate_request.csr -signkey privatekey.pem -out self_signed_certificate3.crt

Popular Posts