1/🔒 Generating a Private Key:
$ openssl genpkey -algorithm RSA -out private.key
Explanation: Generate a new RSA private key and save it in 'private.key'. Remember to keep your private keys secure!
$ openssl genpkey -algorithm RSA -out private.key
Explanation: Generate a new RSA private key and save it in 'private.key'. Remember to keep your private keys secure!
2/📃 Generating a Certificate Signing Request (CSR)
$ openssl req -new -key private.key -out csr.csr
Explanation: Create a CSR using the private key to request a digital certificate from a Certificate Authority (CA).
$ openssl req -new -key private.key -out csr.csr
Explanation: Create a CSR using the private key to request a digital certificate from a Certificate Authority (CA).
3/🌐 Generating a Self-Signed Certificate
$ openssl req -new -x509 -key private.key -out certificate.crt -days 365
Explanation: Create a self-signed certificate valid for 365 days. Useful for testing but not recommended for production.
$ openssl req -new -x509 -key private.key -out certificate.crt -days 365
Explanation: Create a self-signed certificate valid for 365 days. Useful for testing but not recommended for production.
4/🔑 Encrypting Files
$ openssl enc -aes256 -in sensitive.txt -out sensitive.enc
Explanation: Encrypt 'sensitive.txt' using AES256 encryption and store the result in 'sensitive.enc'.
$ openssl enc -aes256 -in sensitive.txt -out sensitive.enc
Explanation: Encrypt 'sensitive.txt' using AES256 encryption and store the result in 'sensitive.enc'.
5/🔐 Decrypting Files
$ openssl enc -aes256 -d -in sensitive.enc -out sensitive.txt
Explanation: Decrypt 'sensitive.enc' using AES256 encryption and retrieve the original content.
$ openssl enc -aes256 -d -in sensitive.enc -out sensitive.txt
Explanation: Decrypt 'sensitive.enc' using AES256 encryption and retrieve the original content.
6/📜 Verifying a Certificate
$ openssl x509 -in certificate.crt -noout -text
Explanation: Display detailed certificate information, including issuer, subject, validity, and public key details.
$ openssl x509 -in certificate.crt -noout -text
Explanation: Display detailed certificate information, including issuer, subject, validity, and public key details.
7/🔗 Checking SSL/TLS Connection
$ openssl s_client -connect example.com
Explanation: Test the SSL/TLS connection to 'example.com' on port 443 and view the server's certificate details.
$ openssl s_client -connect example.com
Explanation: Test the SSL/TLS connection to 'example.com' on port 443 and view the server's certificate details.
8/🗄️ Converting Certificate Formats
$ openssl x509 -in certificate.crt -out certificate.pem
Explanation: Convert a certificate from one format (e.g., .crt) to another (e.g., .pem).
$ openssl x509 -in certificate.crt -out certificate.pem
Explanation: Convert a certificate from one format (e.g., .crt) to another (e.g., .pem).
9/🔄 Creating a Certificate Chain
$ cat intermediate.crt root.crt > chain.crt
Explanation: Create a certificate chain ('chain.crt') by concatenating 'intermediate.crt' and 'root.crt'.
$ cat intermediate.crt root.crt > chain.crt
Explanation: Create a certificate chain ('chain.crt') by concatenating 'intermediate.crt' and 'root.crt'.
10/🔏 Signing a CSR with a CA
$ openssl x509 -req -in csr.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out certificate.crt -days 365
Explanation: Sign the CSR using the CA certificate and private key to create a valid certificate.
$ openssl x509 -req -in csr.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out certificate.crt -days 365
Explanation: Sign the CSR using the CA certificate and private key to create a valid certificate.
11/🔢 Generating a Random Number
$ openssl rand -hex 16
Explanation: Generate a random 128-bit hexadecimal number, useful for encryption keys or nonces.
$ openssl rand -hex 16
Explanation: Generate a random 128-bit hexadecimal number, useful for encryption keys or nonces.
12/🌐 Testing Heartbleed Vulnerability
$ openssl s_client -connect example[dot]com:443 -tlsextdebug -tls1 -x -no_ssl3
Explanation: Check if 'example[dot]com' is vulnerable to the Heartbleed bug (CVE-2014-0160) in TLS 1.0.
$ openssl s_client -connect example[dot]com:443 -tlsextdebug -tls1 -x -no_ssl3
Explanation: Check if 'example[dot]com' is vulnerable to the Heartbleed bug (CVE-2014-0160) in TLS 1.0.
13/📜 Checking CSR Details
$ openssl req -in csr.csr -noout -text
Explanation: Review the contents of a Certificate Signing Request (CSR), including provided information.
$ openssl req -in csr.csr -noout -text
Explanation: Review the contents of a Certificate Signing Request (CSR), including provided information.
14/📜 Viewing Certificate Expiry
$ openssl x509 -enddate -noout -in certificate.crt
Explanation: See the certificate's expiration date for timely renewal.
$ openssl x509 -enddate -noout -in certificate.crt
Explanation: See the certificate's expiration date for timely renewal.
15/📃 Checking Certificate Revocation
$ openssl crl -in certificate.crl -noout -text
Explanation: Inspect the Certificate Revocation List (CRL) for revoked certificates.
$ openssl crl -in certificate.crl -noout -text
Explanation: Inspect the Certificate Revocation List (CRL) for revoked certificates.
16/♻️ Converting PFX to PEM
$ openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out certificate.pem
Explanation: Extract the certificate from a PFX file to PEM format.
$ openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out certificate.pem
Explanation: Extract the certificate from a PFX file to PEM format.
17/🔒 Creating a Password-Protected Private Key
$ openssl genpkey -algorithm RSA -aes256 -out private.key
Explanation: Generate an AES256 encrypted RSA private key with a passphrase.
$ openssl genpkey -algorithm RSA -aes256 -out private.key
Explanation: Generate an AES256 encrypted RSA private key with a passphrase.
18/🌐 Testing SSLv2/v3 Protocol Support
$ openssl s_client -connect example[dot]com:443 -ssl2/-ssl3
Explanation: Check if 'example[dot]com' supports SSLv2/v3 (deprecated and insecure).
$ openssl s_client -connect example[dot]com:443 -ssl2/-ssl3
Explanation: Check if 'example[dot]com' supports SSLv2/v3 (deprecated and insecure).
19/🔑 Extracting Public Key from Private Key
$ openssl rsa -in private.key -pubout -out public.key
Explanation: Retrieve the public key from the private key for sharing.
$ openssl rsa -in private.key -pubout -out public.key
Explanation: Retrieve the public key from the private key for sharing.
20/ 🔒 Encrypting and Decrypting Files with a Passphrase 🔒
Encrypting File:
$ openssl enc -aes256 -salt -in sensitive.txt -out sensitive.enc
Decrypting File:
$ openssl enc -aes256 -d -in sensitive.enc -out sensitive_decrypted.txt
Encrypting File:
$ openssl enc -aes256 -salt -in sensitive.txt -out sensitive.enc
Decrypting File:
$ openssl enc -aes256 -d -in sensitive.enc -out sensitive_decrypted.txt
📜 There you have it - 20 crucial OpenSSL examples!
Stay secure and explore the power of OpenSSL in your applications. Happy learning! 🚀
#OpenSSL #Cryptography #Security
Stay secure and explore the power of OpenSSL in your applications. Happy learning! 🚀
#OpenSSL #Cryptography #Security
Retweet the thread if you find it useful. Thanks!
Loading suggestions...