Certificates and OpenSSL Cheatsheet
View Cert Info
Single Cert
(For CSRs, replace x509
with req
)
Cert Chain/bundle
Bundle of multiple PEM certificates in the same file
# Full output
openssl crl2pkcs7 -nocrl -certfile CHAIN.crt | openssl pkcs7 -print_certs -text -noout
# Just subject and issuer
openssl crl2pkcs7 -nocrl -certfile CHAIN.crt | openssl pkcs7 -print_certs -noout
s_client and Connections
Show Cert Chain
STARTTLS
Shortcut Cert/CSR commands
Key and CSR
Key and Self Signed Cert
Cert/CSR commands
RSA Private Key
EC Private Key
# List supported curves
openssl ecparam -list_curves
# generate key
openssl ecparam -name prime256v1 -genkey -out server.key
Generate CSR
Generate SAN CSR
First create an openssl config file; openssl.cnf:
[ req ]
distinguished_name = dn
req_extensions = req_ext
prompt = no
default_md = sha256
[ dn ]
C = AU
ST = New South Wales
L = Sydney
O = Organisation
CN = wmax641.website
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = wmax641.website
DNS.2 = *.wmax641.website
Let's Encrypt
Sign CSR
Install certbot
package, prepare a CSR, then run the certbot
utility