├── LICENSE
└── README.md


/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2020 Integration-IT
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | ## USEFULL OPENSLL COMMANDS
  2 | 
  3 | 
  4 | - SSL - Secure Socket Layer
  5 | - CSR - Certificate Signing Request
  6 | - TLS - Transport Layer Security
  7 | - PEM - Privacy Enhanced Mail
  8 | - DER - Distinguished Encoding Rules
  9 | - SHA - Secure Hash Algorithm
 10 | - PKCS - Public-Key Cryptography Standards
 11 | 
 12 | ---
 13 | #### Create new Private Key and Certificate Signing Request
 14 | ```bash
 15 | openssl req -out domain.csr -newkey rsa:2048 -nodes -keyout domain.key
 16 | ```
 17 | #### Create a Self-Signed Certificate
 18 | ```bash
 19 | openssl req -x509 -sha256 -nodes -newkey rsa:2048 -keyout selfsigned.key -out cert.pem
 20 | openssl req -x509 -sha256 -nodes -days 360 -newkey rsa:2048 -keyout selfsigned.key -out cert.pem
 21 | ```
 22 | 
 23 | #### Verify CSR file
 24 | ```bash
 25 | openssl req -noout -text -in domain.csr
 26 | ```
 27 | 
 28 | #### Create RSA Private Key
 29 | ```bash
 30 | openssl genrsa -out private.key 2048
 31 | ```
 32 | 
 33 | #### Remove Passphrase from Key
 34 | ```bash
 35 | openssl rsa -in certkey.key -out nopassphrase.key
 36 | ```
 37 | 
 38 | #### Verify Private Key
 39 | ```bash
 40 | openssl rsa -in certkey.key -check
 41 | ```
 42 | 
 43 | #### Verify Certificate File
 44 | ```bash
 45 | openssl x509 -in certfile.pem -text -noout
 46 | ```
 47 | 
 48 | #### Verify the Certificate Signer Authority
 49 | ```bash
 50 | openssl x509 -in certfile.pem -noout -issuer -issuer_hash
 51 | ```
 52 | 
 53 | #### Check Hash Value of A Certificate
 54 | ```bash
 55 | openssl x509 -noout -hash -in domain.pem
 56 | ```
 57 | 
 58 | #### Convert DER to PEM format
 59 | ```bash
 60 | openssl x509 -inform der -in sslcert.der -out sslcert.pem
 61 | ```
 62 | 
 63 | #### Convert PEM to DER format
 64 | ```bash
 65 | openssl x509 -outform der -in sslcert.pem -out sslcert.der
 66 | ```
 67 | 
 68 | #### Convert Certificate and Private Key to PKCS#12 format
 69 | ```bash
 70 | openssl pkcs12 -export -out sslcert.pfx -inkey key.pem -in sslcert.pem
 71 | ```
 72 | 
 73 | #### Convert Certificate and Private Key to PKCS#12 format with chain
 74 | ```bash
 75 | openssl pkcs12 -export -out sslcert.pfx -inkey key.pem -in sslcert.pem -chain cacert.pem
 76 | ```
 77 | 
 78 | #### Create CSR using an existing private key
 79 | ```bash
 80 | openssl req -out certificate.csr -key existing.key -new
 81 | ```
 82 | 
 83 | #### Check contents of PKCS12 format cert
 84 | ```bash
 85 | openssl pkcs12 -info -nodes -in cert.p12
 86 | ```
 87 | 
 88 | #### Convert PKCS12 format to PEM certificate
 89 | ```bash
 90 | openssl pkcs12 -in cert.p12 -out cert.pem
 91 | ```
 92 | 
 93 | #### Test SSL certificate of particular URL
 94 | ```bash
 95 | openssl s_client -connect yoururl.com:443 -showcerts
 96 | ```
 97 | 
 98 | #### Find out OpenSSL version
 99 | ```bash
100 | openssl version
101 | ```
102 | 
103 | #### Check PEM File Certificate Expiration Date
104 | ```bash
105 | openssl x509 -noout -in certificate.pem -dates
106 | ```
107 | 
108 | #### Check Certificate Expiration Date of SSL URL
109 | ```bash
110 | openssl s_client -connect targeturl.com:443 2>/dev/null | openssl x509 -noout -enddate
111 | ```
112 | 
113 | #### Check if SSL V2 or V3 is accepted on URL
114 | ```bash
115 | openssl s_client -connect targeturl.com:443 -ssl2
116 | openssl s_client -connect targeturl.com:443 -ssl3
117 | openssl s_client -connect targeturl.com:443 -tls1
118 | openssl s_client -connect targeturl.com:443 -tls1_1
119 | openssl s_client -connect targeturl.com:443 -tls1_2
120 | ```
121 | 
122 | #### Verify if the particular cipher is accepted on URL
123 | ```bash
124 | openssl s_client -cipher 'ECDHE-ECDSA-AES256-SHA' -connect targeturl:443
125 | ```
126 | 


--------------------------------------------------------------------------------