OpenSSL

Recently I used the openssl utility to generate key pairs and certificates. For example,

• To generate a private key: openssl genrsa -out ca.key 2048
• To create a self-signed certificate: openssl req -new -key ca.key -x509 -days 365 -out ca.crt
  
• To create a certificate signing request: openssl req -new -key temp.key -out temp.csr
• To create a certificate from a certificate signing request: openssl x509 -req -in temp.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out temp.crt
• To display a certificate: openssl x509 -text -in temp.crt
• To display the content of a pkcs12 formatted certificate (the displayed private key and certificate are in PEM format, which can be used in the above commands): openssl pkcs12 -in old_uk_escience.p12 -out old.txt
• To convert from pkcs12 format to PEM format: openssl pkcs12 -in cred.p12 -out cert.pem -nodes -clcerts -nokeys, openssl pkcs12 -in cred.p12 -out key.pem -nodes -nocerts
  
• To create pkcs12 format certificate using PEM format private key and certificate: openssl pkcs12 -in temp.crt -inkey temp.key -out temp.p12 -export