Thursday, November 06, 2008


Recently I used the openssl utility to generate key pairs and certificates. For example,
  • To generate a private key: openssl genrsa -out ca.key 2048
  • To create a self-signed certificate: openssl req -new -key ca.key -x509 -days 365 -out ca.crt
  • To create a certificate signing request: openssl req -new -key temp.key -out temp.csr
  • To create a certificate from a certificate signing request: openssl x509 -req -in temp.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out temp.crt
  • To display a certificate: openssl x509 -text -in temp.crt
  • To display the content of a pkcs12 formatted certificate (the displayed private key and certificate are in PEM format, which can be used in the above commands): openssl pkcs12 -in old_uk_escience.p12 -out old.txt
  • To convert from pkcs12 format to PEM format: openssl pkcs12 -in cred.p12 -out cert.pem -nodes -clcerts -nokeys, openssl pkcs12 -in cred.p12 -out key.pem -nodes -nocerts
  • To create pkcs12 format certificate using PEM format private key and certificate: openssl pkcs12 -in temp.crt -inkey temp.key -out temp.p12 -export

No comments: