OpenSSL Commands
OpenSSL commands for certificates, keys, and encryption.
Certificate Generation
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365Generate self-signed certificate
openssl req -new -key private.key -out request.csrGenerate certificate signing request (CSR)
openssl req -newkey rsa:2048 -nodes -keyout key.pem -out request.csrGenerate CSR with new private key
openssl x509 -req -in request.csr -signkey private.key -out cert.pemSign CSR with private key
openssl genrsa -out private.key 4096Generate 4096-bit RSA private key
openssl genrsa -aes256 -out private.key 4096Generate encrypted RSA private key
Certificate Viewing
openssl x509 -in cert.pem -text -nooutView certificate details
openssl x509 -in cert.pem -noout -datesShow certificate validity dates
openssl x509 -in cert.pem -noout -subjectShow certificate subject
openssl x509 -in cert.pem -noout -issuerShow certificate issuer
openssl x509 -in cert.pem -noout -fingerprintShow certificate fingerprint
openssl req -in request.csr -text -nooutView CSR details
openssl rsa -in private.key -text -nooutView private key details
Certificate Conversion
openssl x509 -in cert.pem -outform DER -out cert.derConvert PEM to DER format
openssl x509 -in cert.der -inform DER -out cert.pemConvert DER to PEM format
openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pemConvert PEM to PKCS12/PFX
openssl pkcs12 -in cert.pfx -out cert.pem -nodesConvert PKCS12 to PEM
openssl rsa -in key.pem -outform DER -out key.derConvert private key to DER
Key Operations
openssl rsa -in private.key -pubout -out public.keyExtract public key from private key
openssl rsa -in encrypted.key -out decrypted.keyRemove passphrase from private key
openssl rsa -aes256 -in key.pem -out encrypted.keyAdd passphrase to private key
openssl rsa -in key.pem -checkVerify private key consistency
openssl ec -in ec_key.pem -text -nooutView EC private key
openssl ecparam -genkey -name secp384r1 -out ec_key.pemGenerate EC private key
SSL/TLS Testing
openssl s_client -connect host:443Test SSL/TLS connection
openssl s_client -connect host:443 -showcertsShow server certificate chain
openssl s_client -connect host:443 -servername hostnameTest with SNI (Server Name Indication)
openssl s_client -connect host:443 -tls1_2Force TLS 1.2
openssl s_client -connect host:443 -cipher "ECDHE-RSA-AES128-GCM-SHA256"Test specific cipher
echo | openssl s_client -connect host:443 2>/dev/null | openssl x509 -noout -datesQuick certificate expiry check
Hashing & Digests
openssl dgst -sha256 file.txtCalculate SHA-256 hash of file
openssl dgst -md5 file.txtCalculate MD5 hash of file
openssl dgst -sha1 file.txtCalculate SHA-1 hash of file
openssl dgst -sha256 -sign private.key -out signature.bin file.txtSign file with private key
openssl dgst -sha256 -verify public.key -signature signature.bin file.txtVerify signature with public key
Encryption & Decryption
openssl enc -aes-256-cbc -salt -in file.txt -out file.encEncrypt file with AES-256
openssl enc -aes-256-cbc -d -in file.enc -out file.txtDecrypt AES-256 encrypted file
openssl rsautl -encrypt -pubin -inkey public.key -in file.txt -out file.encEncrypt with RSA public key
openssl rsautl -decrypt -inkey private.key -in file.enc -out file.txtDecrypt with RSA private key
openssl enc -base64 -in file.txt -out file.b64Base64 encode file
openssl enc -base64 -d -in file.b64 -out file.txtBase64 decode file
Certificate Verification
openssl verify cert.pemVerify certificate against trusted CAs
openssl verify -CAfile ca.pem cert.pemVerify certificate against specific CA
openssl x509 -in cert.pem -noout -checkend 86400Check if cert expires within 24 hours
openssl rsa -in private.key -checkVerify private key
openssl x509 -noout -modulus -in cert.pem | openssl md5Get certificate modulus hash
openssl rsa -noout -modulus -in key.pem | openssl md5Get private key modulus hash
Advanced Operations
openssl rand -hex 32Generate 32-byte random hex string
openssl rand -base64 32Generate 32-byte random base64 string
openssl passwd -1 "password"Generate MD5 password hash
openssl speed rsa2048Benchmark RSA 2048 performance
openssl ciphers -vList all available ciphers
openssl version -aShow detailed OpenSSL version info