# Generate Encrypted RSA Private Key with passphrase
openssl genrsa -des3 -out myssl.key 2048
# Generate Unencrypted RSA Private Key
openssl genrsa -out myssl.key 2048
# Remove Passphrase from key
mv myssl.key myssl.key.org
openssl rsa -in myssl.key.org -out myssl.key
openssl rsa -in myssl.key.org -out myssl.key
# Generate Certificate Signing Request with an existing Private Key
openssl req -sha256 -new -key myssl.key -out myssl.csr
# Create SSL certificate
openssl x509 -req -days 365 -in myssl.csr -signkey myssl.key -out myssl.crt
openssl x509 -req -days 365 -in myssl.csr -signkey myssl.key -out myssl.crt
Generating a key and csr in one command
# for providing to your certificate provider
openssl req -sha256 -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
req = create PKCS#10 X.509 Certificate Signing Request
-sha256 = adds support for SHA-2
Decode PEM encoded SSL certificate meta information
openssl x509 -in certificate.crt -text -noout
OR
openssl x509 -noout -text -modulus -in https://example.com.crt
Decode DER encoded SSL certificate meta information
openssl x509 -in certificate.crt -inform der -text -noout
Decode SSL key meta information
openssl rsa -noout -text -modulus -in https://example.com.key
Convert PEM encoded SSL certificate to DER encoded:
openssl x509 -in certificate.crt -outform der -out certificate.der
Convert DER encoded SSL certificate to PEM encoded:
openssl x509 -in certfile.crt -inform der -outform pem -out certificate.pem
Note: in the meta info, the Modulus should be the same for the key and cert.
Sources
http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-self-signed-ssl-certificates-and-nginx
http://support.godaddy.com/help/article/3601/generating-a-certificate-signing-request-nginx
http://www.sslshopper.com/certificate-decoder.html
https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs
https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them
req = create PKCS#10 X.509 Certificate Signing Request
-sha256 = adds support for SHA-2
Decode PEM encoded SSL certificate meta information
openssl x509 -in certificate.crt -text -noout
OR
openssl x509 -noout -text -modulus -in https://example.com.crt
Decode DER encoded SSL certificate meta information
openssl x509 -in certificate.crt -inform der -text -noout
Decode SSL key meta information
openssl rsa -noout -text -modulus -in https://example.com.key
Convert PEM encoded SSL certificate to DER encoded:
openssl x509 -in certificate.crt -outform der -out certificate.der
Convert DER encoded SSL certificate to PEM encoded:
openssl x509 -in certfile.crt -inform der -outform pem -out certificate.pem
Note: in the meta info, the Modulus should be the same for the key and cert.
Sources
http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-self-signed-ssl-certificates-and-nginx
http://support.godaddy.com/help/article/3601/generating-a-certificate-signing-request-nginx
http://www.sslshopper.com/certificate-decoder.html
https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs
https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them
