Skip to content

Latest commit

 

History

History
41 lines (31 loc) · 1 KB

openssl_notes.MD

File metadata and controls

41 lines (31 loc) · 1 KB

Open SSL and SSL notes

How to dump the certificate chain from any web site:

openssl s_client -connect go.integration.livongo.com:443 -showcerts

Generate a self-signed cert:

openssl genrsa -out key.pem 2048
openssl req -new -sha256 -key key.pem -out csr.csr
openssl req -x509 -sha256 -days 1825 -key key.pem -in csr.csr -out certificate.pem
openssl req -in csr.csr -text -noout | grep -i "Signature.*SHA256" && echo "All is well"

Add a trusted root cert on a Mac:

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain serviceca.crt

Verify the cert and key match:

openssl x509 -modulus -noout -in 6ef64fc7ef8ebcbb.crt | openssl sha256
openssl rsa -modulus -noout -in blah.me.key | openssl sha256

Convert a .crt to a .pem

openssl x509 -inform DER -in self-signed.crt -out self-signed.pem

Convert a PEM file to PKCS8

openssl pkcs8 -topk8 -nocrypt -in private.pem -inform pem -out private-pkcs8.key