OpenSSL

From XennisWiki
Jump to: navigation, search

OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used in Internet web servers, serving a majority of all web sites. (Wikipedia)

Installation

Debian

apt-get install openssl

Windows

Use the Net > openssl package of Cygwin.

General usage

Hash of a file (MD5, SHA1, SHA512)

openssl md5 example.txt 
# MD5(example.txt)= 469e1ee4e25202f469a5433d630c3f15
openssl sha1 example.txt 
# SHA1(example.txt)= 66f487bb8419ac1d37c8c698b9baafbcb5d5db3c
openssl sha512 example.txt 
# SHA512(example.txt)= f7c9fd13e3deadf139491189656df60eb04d3e116fd5ad8247891808727c0323c75cad8b2f1fbef4ec1823525cacd096eec10b9dda8e2d14df7391e7a53cca11

Generate a password (rand)

password=`openssl rand -base64 15`
echo $password

Certificate usage

Show (and download) certificate of server

Show certificcates

openssl s_client -connect <host>:<port> -showcerts

Download certificate

openssl s_client -connect <host>:<port> -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM > mycertfile.pem
# openssl s_client -showcerts -servername <host> -connect <host>:<port> > cacert.pem

Read a certificate

openssl x509 -in example.crt -text -noout

Create a self-signed certificate

Generate a self-signed key and certificate

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
	-keyout <name>.key \
	-out <name>.crt

Create a certificate signing request (CSR) file

DOMAIN=my.example.org
openssl req -nodes -new -newkey rsa:2048 -keyout ${DOMAIN}.key -out ${DOMAIN}.csr -subj "/CN=${DOMAIN}/O=My Company/OU=My IT Department/L=Hannover/ST=Lower Saxony/C=DE"

See also

External links