OpenSSL Commands

Create a simple certificate request with new key

openssl req -batch -sha256 -newkey 2048:rsa -passout pass:your_password_here -keyout /home/fi5cher.de_key.pem -out /home/fi5cher.de_csr.pem -subj "/C=DE/ST=BY/L=Munich/O=FI5CHER/OU=FI5CHER/CN=fi5cher.de"

Create a simple certificate request for an existing key

openssl req  -new -key  /etc/pki/tls/private/icinga_key.pem  -sha512 -keyout /home/fi5cher.de_key.pem -out /home/fi5cher.de_csr.pem -subj "/C=DE/ST=BY/L=Munich/O=FI5CHER/OU=FI5CHER/CN=fi5cher.de"

Create a simple certificate request with a subject alternative name

( see http://en.wikipedia.org/wiki/SubjectAltName )


create /root/fi5cher.de.ini


[req]
req_extensions = v3_req
distinguished_name     = req_distinguished_name
default_bits           =  2048
default_keyfile        = privkey.pem
attributes             = req_attributes


[ req_attributes ]
unstructuredName                = An optional company name

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName          = @alt_names

[alt_names]
DNS.1   = fi5cher.de
DNS.2   = f.ischer.de

[ req_distinguished_name ]
countryName                    = C
countryName_default            = DE
countryName_min                = 2
countryName_max                = 2

localityName                   = Loc
localityName_default           = Munich

organizationName          = O
organizationName_default = FI5CHER

organizationalUnitName         = OU
organizationalUnitName_default = FI5CHER

commonName                     = CN
commonName_default             = fi5cher.de


now run:
openssl req  -config /root/fi5cher.de.ini -newkey rsa:2048 -sha256 -keyout fi5cher.de.pem -out fi5cher.de.pem


Make a PKCS12 file

openssl pkcs12 -in /root/server123.fi5cher.de_cert.pem -inkey /root/server123.fi5cher.de_key.pem -export -out /root/server123.fi5cher.de.p12

Test a ssl connection

openssl s_client -showcerts -connect fi5cher.de:443

openssl s_client -showcerts -CAfile /etc/pki/YourRootCA.pem -connect fi5cher.de:443


Back to Top
We use cookies

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.