https://old.andunix.net/ 2026-04-03T14:32:55+00:00 https://old.andunix.net/ https://old.andunix.net/_media/favicon.ico text/html 2013-02-18T14:26:27+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/compare_key_with_certificate Compare a Key with its Certificate Credit for this example goes to “Verifying that a Private Key Matches a Certificate” from the University of Wisconsin Knowledgebase. To see if a key server.key belongs to the certificate server.crt, they need to have the same “modulus” and “exponent”. openssl x509 -noout -text -in server.crt openssl rsa -noout -text -in server.key text/html 2014-11-20T08:13:01+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/generate_key Generate a Test Key openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout testkey.key -out testkey.crt Informations about the used arguments from the OpenSSL man page: * req: PKCS#10 certificate request and certificate generating utility. * -x509: this option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self signed root CA. The extensions added to the certificate (if any) are specified in the configurati… text/html 2013-02-18T14:27:02+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/print_all_certificates_in_a_file Print all certificates in a file This command is especially helpful if you want to use Tomcat-/Java-Keystore-Certificates with the Apache webserver. Use the -print_certs to print all the certificates and then cut the file and store each certificate in a single file. text/html 2015-01-29T09:15:22+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/print_key Print Information about a Key openssl x509 -inform DER -in testkey.cer -noout -text Informations about the used arguments from the OpenSSL man page: * x509: Certificate display and signing utility. * -inform DER: This specifies the input format normally the command will expect an X509 certificate but this can change if other options such as -req are present. The DER format is the DER encoding of the certificate and PEM is the base64 encoding of the DER encoding with header and footer lines … text/html 2015-12-09T07:36:40+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/print_certificate Print Information about a Certificate openssl x509 -in testkey.crt -noout -text Informations about the used arguments from the OpenSSL man page: * x509: Certificate display and signing utility. * -in testkey.crt: This specifies the input filename to read a certificate from or standard input if this option is not specified. text/html 2019-01-17T19:19:12+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/convert_key Convert a Key Convert P12 to Java Keystore keytool -importkeystore -srckeystore testkey.p12 -srcstoretype pkcs12 -srcalias 1 -destkeystore testkey.jks -deststoretype jks -destalias testkey You can add -deststorepass PASSWORD to set the password on the command line. If you don't, keytool will ask you for a password. text/html 2014-12-18T15:34:24+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/convert_certificate Convert a Certificate Convert DER to PEM openssl x509 -inform der -in testkey.der -out testkey.pem Convert PEM to DER openssl x509 -outform der -in testkey.pem -out testkey.der openssl security cryptography certificate howto text/html 2015-01-29T09:15:04+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/print_signature Print Information about a Signature openssl pkcs7 -in signature.p7s -text -inform DER -print_certs -noout cryptography howto openssl security text/html 2014-04-28T08:07:54+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/debug_server_certificate_from_client Debug Server Certificate from Client Credit for this example goes to “ Checking A Remote Certificate Chain With OpenSSL” from langui.sh. openssl s_client -showcerts -connect www.andunix.net:443 Informations about the used arguments from the OpenSSL man page: * s_client: SSL/TLS client program * -showcerts: display the whole server certificate chain: normally only the server certificate itself is displayed.