OpenSSL is an open source implementation of Secure Socket Layer(SSL) and Transport Layer Security for web authentication.

The core library is written in C programming language and it offers cryptographic functions that supports SSL & TLS protocols. It relies on ciphers and algorithms to provide encryption.

The OpenSSL tool can be used when it comes to the following but not limited to:

  • Generating keys
  • Generating certificate signing requests
  • Performing Encryption and Decryption
  • Debugging TLS connections

OpenSSL is a commercial-grade powerful tool for SSL and TLS. Below are some of the most commonly used OpenSSL commands:

Generate CSR and Private Key

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

Generate CSR for a private key that is already existing

openssl req -out CSR.csr -key privateKey.key -new

Check the details of a CSR , private key, certificate and a PKCS#12 file (.pfx or .p12)

openssl req -text -noout -verify -in CSR.csr
openssl rsa -in privateKey.key -check
openssl x509 -in certificate.crt -text -noout
openssl pkcs12 -info -in keyStore.p12

Check if a private key, CSR and a certificate are matching by computing their MD5 sums

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5

All of them should have the same MD5 sum

OpenSSL is very broad with a lot of feaures. For a more comprehensive study check out the OpenSSL Cookbook

1 Comment

Leave a Reply

Your email address will not be published.