mirror of
https://github.com/trimstray/the-book-of-secret-knowledge
synced 2025-01-15 03:40:59 +01:00
add new one-liners to 'OpenSSL'
- signed-off-by: trimstray <trimstray@gmail.com>
parent
4925ff93dc
commit
70804caebe
1 changed files with 46 additions and 6 deletions
52
README.md
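--- a/README.md
+++ b/README.md
@@ -2101,28 +2101,28 @@ openssl rsa -check -in ${_fd} )
 openssl rsa -pubout -in ${_fd} -out ${_fd_pub} )
 ```
 
-###### Generate private key and csr
+###### Generate private key and CSR
 
 ```bash
 ( _fd="private.key" ; _fd_csr="request.csr" ; _len="4096" ; \
 openssl req -out ${_fd_csr} -new -newkey rsa:${_len} -nodes -keyout ${_fd} )
 ```
 
-###### Generate csr
+###### Generate CSR
 
 ```bash
 ( _fd="private.key" ; _fd_csr="request.csr" ; \
 openssl req -out ${_fd_csr} -new -key ${_fd} )
 ```
 
-###### Generate csr (metadata from exist certificate)
+###### Generate CSR (metadata from existing certificate)
 
 ```bash
 ( _fd="private.key" ; _fd_csr="request.csr" ; _fd_crt="cert.crt" ; \
 openssl x509 -x509toreq -in ${_fd_crt} -out ${_fd_csr} -signkey ${_fd} )
 ```
 
-###### Generate csr with -config param
+###### Generate CSR with -config param
 
 ```bash
 ( _fd="private.key" ; _fd_csr="request.csr" ; \
@@ -2184,7 +2184,7 @@ openssl ec -in ${_fd} -noout -text )
 openssl pkey -in ${_fd} -pubout -out ${_fd_pub} )
 ```
 
-###### Generate private key with csr (ECC)
+###### Generate private key with CSR (ECC)
 
 ```bash
 # _curve: prime256v1, secp521r1, secp384r1
@@ -2220,6 +2220,12 @@ openssl x509 -signkey ${_fd} -nodes \
 -in ${_fd_csr} -req -days ${_days} -out ${_fd_out} )
 ```
 
+###### Generate DH Param key
+
+```bash
+openssl dhparam -out /etc/nginx/ssl/dhparam_4096.pem 4096
+```
+
 ###### Convert DER to PEM
 
 ```bash
@@ -2234,7 +2240,41 @@ openssl x509 -in ${_fd_der} -inform der -outform pem -out ${_fd_pem} )
 openssl x509 -in ${_fd_pem} -outform der -out ${_fd_der} )
 ```
 
-###### Checking whether the private key and the certificate match
+###### Verification of the private key
 
+```bash
+( _fd="private.key" ; \
+openssl rsa -noout -text -in ${_fd} )
+```
+
+###### Verification of the public key
+
+```bash
+# 1)
+( _fd="public.key" ; \
+openssl pkey -noout -text -pubin -in ${_fd} )
+
+# 2)
+( _fd="private.key" ; \
+openssl rsa -inform PEM -noout -in ${_fd} &> /dev/null ; \
+if [ $? = 0 ] ; then echo -en "OK\n" ; fi )
+```
+
+###### Verification of the certificate
+
+```bash
+( _fd="certificate.crt" ; # format: pem, cer, crt \
+openssl x509 -noout -text -in ${_fd} )
+```
+
+###### Verification of the CSR
+
+```bash
+( _fd_csr="request.csr" ; \
+openssl req -text -noout -in ${_fd_csr} )
+```
+
+###### Check whether the private key and the certificate match
+
 ```bash
 (openssl rsa -noout -modulus -in private.key | openssl md5 ; \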