====== OpenSSL ======

===== Creating a self-signed certificate =====

OpenSSL config (edit as needed):

<code bash>
cat > ssl.conf <
</code>

Commands to paste for generation:

<code bash>
# 4096-bit RSA private key
openssl genrsa -out localhost.key 4096
# certificate signing request built from ssl.conf
openssl req -new -sha256 -batch -key localhost.key -out localhost.csr -config ssl.conf
# self-sign the CSR for 10 years, applying the extensions from the req_ext section
openssl x509 -req -days 3650 -in localhost.csr -signkey localhost.key -out localhost.crt -extensions req_ext -extfile ssl.conf
</code>

==== Setting/removing a key passphrase ====

<code bash>
# set: write a passphrase-protected copy of the key (AES-256)
openssl rsa -aes256 -in localhost.key -out localhost.key.enc
# remove: write the key back out unencrypted
openssl rsa -in localhost.key.enc -out localhost.key
</code>

===== Verification =====

==== Inspecting a certificate ====

<code bash>
openssl x509 -in localhost.crt -text -noout
</code>

If the certificate is signed by a CA:

<code bash>
openssl verify -CAfile CA.pem localhost.crt
</code>

==== Checking a certificate + key pair ====

Both commands should print the same ''modulus'' value:

<code bash>
openssl x509 -noout -modulus -in localhost.crt
openssl rsa -noout -modulus -in localhost.key
</code>

==== Checking the serial and the MD5 and SHA256 fingerprints ====

Serial:

<code bash>
openssl x509 -noout -serial -in localhost.crt
</code>

MD5 fingerprint:

<code bash>
# without -md5 the default fingerprint digest is SHA-1
openssl x509 -noout -fingerprint -md5 -in localhost.crt
</code>

SHA256 fingerprint:

<code bash>
openssl x509 -noout -fingerprint -sha256 -in localhost.crt
</code>

===== Conversion =====

==== DER -> PEM ====

<code bash>
openssl x509 -inform der -in localhost.der -out localhost.pem
</code>

==== PKCS#12 -> PEM ====

The result is the set of certificates and the key together in a single PEM file.

<code bash>
# -nodes writes the private key to keyStore.pem unencrypted
openssl pkcs12 -nodes -in keyStore.p12 -out keyStore.pem
</code>

==== PEM -> DER ====

<code bash>
openssl x509 -outform der -in localhost.pem -out localhost.der
</code>

==== PEM -> PKCS#12 ====

<code bash>
openssl pkcs12 -export -inkey localhost.key -in localhost.pem -certfile ca.pem -out certificate.p12
</code>

====== Credits ======

https://gist.github.com/croxton/ebfb5f3ac143cd86542788f972434c96
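The self-signed recipe and the certificate + key pair check from the sections above, as an added shell example that is not part of the original page or the credited gist. Assumptions: the ''ssl.conf'' contents are constructed (only the ''req_ext'' section name comes from the page's command), the function names are hypothetical, and the pair check goes beyond the modulus comparison by comparing public keys, so it also covers non-RSA keys.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Runs the page's three generation commands in directory $1.
# The ssl.conf contents are constructed; only the section name req_ext
# is taken from the page's -extensions argument.
make_selfsigned() {
    cat > "$1/ssl.conf" <<'EOF'
[req]
distinguished_name = dn
req_extensions = req_ext
prompt = no
[dn]
CN = localhost
[req_ext]
subjectAltName = DNS:localhost, IP:127.0.0.1
EOF
    # 2048 bits keeps the demo fast; the page's recipe uses 4096.
    openssl genrsa -out "$1/localhost.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -batch -key "$1/localhost.key" \
        -out "$1/localhost.csr" -config "$1/ssl.conf" &&
    openssl x509 -req -days 3650 -in "$1/localhost.csr" \
        -signkey "$1/localhost.key" -out "$1/localhost.crt" \
        -extensions req_ext -extfile "$1/ssl.conf" 2>/dev/null
}

# pair_matches CERT KEY: true only if both files parse and hold the same
# public key. Unlike the modulus comparison, this is not limited to RSA.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_has_dns CERT NAME: true if the SAN extension reached the signed
# certificate (it is dropped when -extfile/-extensions are left out).
cert_has_dns() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -qF "DNS:$2"
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d) && make_selfsigned "$demo_dir" &&
    pair_matches "$demo_dir/localhost.crt" "$demo_dir/localhost.key" &&
    cert_has_dns "$demo_dir/localhost.crt" localhost &&
    echo "key and certificate match, SAN present"
rm -rf "$demo_dir"
```

''pair_matches'' returns 2 when either file cannot be parsed, so a missing or unreadable file is never reported as a match.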