More on OpenSSL

11:17 AM

More functions and features provided by OpenSSL

For the following examples, here's a list of the files and what they represent:

  1. cert.p12 = a PKCS#12 encoded certificate and key pair. This is one of the formats used by IIS.
  2. cert.crt = a PEM encoded certificate. This is one of the formats used by Apache and the load balancers.
  3. cert.key and cert2.key = a PEM encoded key. This is one of the formats used by Apache and the load balancers.
  4. cert.csr = a certificate request. This is what gets sent to the CA for signing.

All examples assume you have OpenSSL installed somewhere on your PATH.

Converting from PEM (Apache/Load balancer) to PKCS#12 (IIS)

openssl pkcs12 -export -out cert.p12 -inkey cert.key -in cert.crt

Converting from PKCS#12 (IIS) to PEM (Apache/Load balancer)

This is a 2-step process: the first command extracts the certificate and the second extracts the key. Since the PKCS#12 file was encrypted during export, you'll need to provide that password. During the key extraction step you'll also be prompted for another password, which encrypts the resulting key; you can remove that password afterwards, as detailed later.

openssl pkcs12 -clcerts -nokeys -in cert.p12 -out cert.crt
openssl pkcs12 -nocerts -in cert.p12 -out cert.key

Removing a password from a key

openssl rsa -in cert.key -out cert2.key

Adding a password to a key

openssl rsa -in cert.key -des3 -out cert2.key

Displaying the contents of a Certificate Request

openssl req -in cert.csr -text

Displaying the contents of a self-signed certificate

openssl x509 -in cert.crt -text
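
The conversions above can be checked end to end. The following script is an added example, not part of the original post: it runs the PEM to PKCS#12 to PEM round trip on a throwaway self-signed pair and confirms that the extracted, password-free key still matches the certificate. The subject name, the file names orig.crt and enc.key, the passwords and the function names are constructed for illustration; passwords are supplied through OpenSSL's env: source so the commands run without prompts.

```shell
#!/bin/sh
# Added example (not from the original post).

# Succeeds when private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) &&
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) &&
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Runs the page's conversions in a scratch directory; exit status 0 means the
# key that came back out of the PKCS#12 file matches the certificate.
roundtrip_check() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    umask 077   # cert2.key ends up unencrypted, so keep it owner-only
    # Constructed demo passwords, read by openssl via env: instead of prompts.
    export P12_PASS='constructed-export-pass' KEY_PASS='constructed-key-pass'

    # Throwaway self-signed pair standing in for cert.key / cert.crt.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=example.test' \
        -keyout cert.key -out orig.crt 2>/dev/null &&
    # PEM -> PKCS#12
    openssl pkcs12 -export -out cert.p12 -inkey cert.key -in orig.crt \
        -passout env:P12_PASS &&
    # PKCS#12 -> PEM certificate, then PEM key (re-encrypted under KEY_PASS)
    openssl pkcs12 -clcerts -nokeys -in cert.p12 -out cert.crt \
        -passin env:P12_PASS &&
    openssl pkcs12 -nocerts -in cert.p12 -out enc.key \
        -passin env:P12_PASS -passout env:KEY_PASS &&
    # Remove the password from the extracted key
    openssl rsa -in enc.key -out cert2.key -passin env:KEY_PASS 2>/dev/null &&
    key_matches_cert cert2.key cert.crt &&
    key_matches_cert cert.key cert.crt
    rc=$?
    cd / && rm -rf "$dir"
    exit "$rc"
)

roundtrip_check && echo "round trip OK: extracted key matches certificate"
```

key_matches_cert can be run on its own against a real cert2.key and cert.crt before deploying them to Apache or a load balancer; it expects an unencrypted key.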
