OpenSSL is an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols for web authentication.
The core library is written in the C programming language and offers cryptographic functions that support the SSL and TLS protocols. It relies on ciphers and algorithms to provide encryption.
The OpenSSL tool can be used for, among other things:
- Generating keys
- Generating certificate signing requests
- Performing Encryption and Decryption
- Debugging TLS connections
OpenSSL is a powerful, commercial-grade tool for SSL and TLS. Below are some of the most commonly used OpenSSL commands:
Generate CSR and Private Key
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
Generate CSR for an existing private key
openssl req -out CSR.csr -key privateKey.key -new
Check the details of a CSR, private key, certificate and a PKCS#12 file (.pfx or .p12)
openssl req -text -noout -verify -in CSR.csr
openssl rsa -in privateKey.key -check
openssl x509 -in certificate.crt -text -noout
openssl pkcs12 -info -in keyStore.p12
Check whether a private key, CSR and certificate match by computing the MD5 sum of each one's modulus
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5
All of them should have the same MD5 sum.
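The three modulus checks above can be wrapped in one script that reports a match or mismatch. This is an added example, not code from the original page; the function names, the example.test subject and the other.key file are assumptions made for the demo, and like the commands above it applies to RSA keys only.

```shell
#!/bin/sh
# Added example (not from the original page): check that an RSA private key,
# a CSR and a certificate belong together by comparing modulus digests.

# Print the MD5 digest of the RSA modulus of one file.
# $1 = openssl subcommand (rsa | req | x509), $2 = path
modulus_md5() {
    mod=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    # An unreadable file yields no modulus; hashing that empty output would
    # give the same digest for every broken input and look like a match.
    [ -n "$mod" ] || return 1
    printf '%s\n' "$mod" | openssl md5 | awk '{print $NF}'
}

# Return 0 if all three share one modulus, 1 on mismatch, 2 on a read error.
# $1 = private key, $2 = CSR, $3 = certificate
check_match() {
    k=$(modulus_md5 rsa "$1") || return 2
    r=$(modulus_md5 req "$2") || return 2
    c=$(modulus_md5 x509 "$3") || return 2
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Build constructed sample files in a temp dir and print its path.
# example.test and other.key are assumptions made for this demo.
make_demo() {
    d=$(mktemp -d) || return 1
    openssl req -out "$d/CSR.csr" -new -newkey rsa:2048 -nodes \
        -keyout "$d/privateKey.key" -subj "/CN=example.test" >/dev/null 2>&1 &&
    openssl x509 -req -in "$d/CSR.csr" -signkey "$d/privateKey.key" \
        -days 1 -out "$d/certificate.crt" >/dev/null 2>&1 &&
    openssl genrsa -out "$d/other.key" 2048 >/dev/null 2>&1 &&
    printf '%s\n' "$d"
}

demo=$(make_demo) || exit 1
if check_match "$demo/privateKey.key" "$demo/CSR.csr" "$demo/certificate.crt"; then
    echo "key, CSR and certificate match"
fi
if ! check_match "$demo/other.key" "$demo/CSR.csr" "$demo/certificate.crt"; then
    echo "unrelated key: mismatch detected"
fi
rm -rf "$demo"
```

Running the pipelines by hand on a file that fails to parse still prints a digest (that of empty input), so a visual comparison can show three identical sums for three broken files; the script returns a separate error status for that case.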
OpenSSL is very broad, with a lot of features. For a more comprehensive study, check out the OpenSSL Cookbook.
Great piece, just used this to verify my CSR and key for one domain I am installing SSL on.