# To create a 2048-bit private key:
# No cipher option is given, so server.key is written unencrypted (no passphrase).
# Keep it readable by its owner only; the mode it is created with may depend on
# the OpenSSL version and the umask, so check it with `ls -l server.key`.
openssl genrsa -out server.key 2048
# To create the Certificate Signing Request (CSR):
# Prompts for the subject fields (no -subj is given) and signs the request with
# server.key. The CSR carries only the public key, so the private key never has
# to leave this host.
openssl req -new -key server.key -out server.csr
# To sign a certificate using a private key and CSR:
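# Self-signs the CSR: -signkey signs with the same key the request was made
# from, so no CA vouches for the result and clients will not trust it unless the
# certificate is installed explicitly. -sha256 pins the signature digest
# instead of relying on the version-dependent default, which on older OpenSSL
# releases may be SHA-1. -days 365 sets a one-year validity period.
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt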
# (The above commands may be run in sequence to generate a self-signed SSL certificate.)
# To show the contents of a certificate signing request:
# -text prints the decoded request and -noout suppresses the PEM-encoded copy.
# Worth checking before submitting: subject, public-key size and any requested
# extensions.
openssl req -text -noout -in server.csr
# To show certificate information for the generated certificate:
# -text prints the decoded certificate and -noout suppresses the PEM-encoded copy.
# Worth checking: issuer, validity dates, signature algorithm and key size.
openssl x509 -text -noout -in server.crt
# To get the sha256 fingerprint of a certificate
# Prints the SHA-256 digest of the DER-encoded certificate. A fingerprint is
# only useful for pinning or verification when it is compared with a value
# obtained over a separate, trusted channel.
openssl x509 -in server.crt -noout -sha256 -fingerprint
# To view certificate expiration:
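# Prints the notAfter date of the certificate the server presents.
# -servername sends the hostname as SNI; without it, OpenSSL releases that do
# not send SNI by default can be handed the server's default certificate instead
# of the one for <hostname>.
# `echo |` closes stdin so s_client exits after the handshake.
# stderr is discarded, which also hides verification errors: s_client carries on
# by default when the chain does not verify, so the date printed is for whatever
# certificate was presented and does not show that the certificate is trusted.
echo | openssl s_client -servername <hostname> -connect <hostname>:443 2> /dev/null | \
awk '/-----BEGIN/,/END CERTIFICATE-----/' | \
openssl x509 -noout -enddate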
# Generate Diffie-Hellman parameters:
# 2048 is the size of the generated prime in bits; generation can take a while.
# The resulting parameters are public values and, unlike server.key, do not
# need to be kept secret.
openssl dhparam -outform PEM -out dhparams.pem 2048