Shulou(Shulou.com)06/02 Report--

This article mainly introduces "the method of openssl viewing certificate". In the daily operation, I believe that many people have doubts about the method of openssl viewing certificate. The editor has consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts of "openssl method of viewing certificate". Next, please follow the editor to study!

View certificat

# View KEY information

> openssl rsa-noout-text-in myserver.key

# View CSR information

> openssl req-noout-text-in myserver.csr

# View certificate information

> openssl x509-noout-text-in ca.crt

# verify the certificate

# will prompt self signed

> openssl verify selfsign.crt

# because myserver.crt is released by ca.crt, it will be verified successfully

> openssl verify-CAfile ca.crt myserver.crt

Remove password protection from key

Sometimes it's too cumbersome to enter a password every time. You can remove the Key protection password.

> openssl rsa-in myserver.key-out server.key.insecure

There are three general formats for the conversion of certificates in different formats:

The previous commands of PEM (.pem) are generated in this format

Common on DER (.cer. Der) Windows

Common on PKCS#12 files (.pfx .p12) Mac

# converting PEM to DER

> openssl x509-outform der-in myserver.crt-out myserver.der

# converting DER to PEM

> openssl x509-inform der-in myserver.cer-out myserver.pem

# converting PEM to PKCS

> openssl pkcs12-export-out myserver.pfx-inkey myserver.key-in myserver.crt-certfile ca.crt

# converting PKCS to PEM

> openssl pkcs12-in myserver.pfx-out myserver2.pem-nodes

Test certificate

Openssl provides simple client and server tools that can be used to simulate SSL connections for testing.

# Connect to a remote server

> openssl s_client-connect www.google.com.hk:443

# simulated HTTPS service, which can return Openssl related information

#-accept is used to specify the port number for listening

#-cert-key is used to specify the key and certificate to provide the service

> openssl s_server-accept 443-cert myserver.crt-key myserver.key-www

# you can write key and certificate in the same file

> cat myserver.crt myserver.key > myserver.pem

# provide only one parameter when you use it

> openssl s_server-accept 443-cert myserver.pem-www

# you can save the server's certificate

> openssl s_client-connect www.google.com.hk:443 remoteserver.pem

# convert to DER file, and you can view it directly under Windows

> openssl x509-outform der-in remoteserver.pem-out remoteserver.cer

Calculate MD5 and SHA1

# MD5 digest

> openssl dgst-md5 filename

# SHA1 digest

> openssl dgst-sha1 filename

At this point, the study on "openssl's method of viewing certificates" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.