More_on_OpenSSL
11:17 AMMore functions and features provided by OpenSSL
For the following examples, here's a list of the files and what they represent:
- cert.p12 = a PKCS#12 encoded certificate and key pair. This is one of the formats used by IIS.
- cert.crt = a PEM encoded certificate. This is one of the formats used by Apache and the Load balancers.
- cert.key and cert2.key = a PEM encoded key. This is one of the formats used by Apache and the Load balancers.
- cert.csr = a certificate request. This is what gets sent to the CA for signing.
All examples assume you have OpenSSL installed somewhere on your PATH.
Converting from PEM (Apache/Load balancer) to PKCS#12 (IIS)
openssl pkcs12 -export -out cert.p12 -inkey cert.key -in cert.crt
Converting from PKCS#12 (IIS) to PEM (Apache/Load balancer)
This is a 2-step process. The first extracts the cert. The second extracts the key. Since the PKCS#12 certificate was encrypted during export, you'll need to provide that password. You'll be prompted for another password during the key extraction step. This will encrypt the resulting key but you can remove the password, as detailed later.
openssl pkcs12 -clcerts -nokeys -in cert.p12 -out cert.crt
openssl pkcs12 -nocerts -in cert.p12 -out cert.key
Removing a password from a key
openssl rsa -in cert.key -out cert2.key
Adding a password to a key
openssl rsa -in cert.key -des3 -out cert2.key
Displaying the contents of a Certificate Request
openssl req -in cert.csr -text
Displaying the contents of a self-signed certificate
openssl x509 -in cert.crt -text
0 comments