Kim Scarborough: things I do: computer nerd stuff: tips & cheatsheets: OpenSSL

“Telnet” to SSL service:
openssl s_client -ssl3 -connect example.com:443
Generate key/CSR:
openssl genrsa -out example.key 2048 openssl req -new -days 730 -key example.key -out example.csr
Generate key with self-signed cert:
openssl req -newkey rsa:1024 -keyout example.key -out example.crt -x509 -nodes -days 3650
Convert Apache cert to IIS:
openssl pkcs12 -export -in example.crt -inkey example.key -out example.pfx -passout pass:whatever
Convert IIS PFX file to OpenSSL:
openssl pkcs12 -info -in example.pfx -nodes -out example.txt
Read info from a CSR:
openssl req -text < example.csr
Read info from a cert:
keytool -printcert -v -file example.crt
Sign a self-generated CSR:
openssl x509 -req -days 3650 -in example.csr -signkey example.key -out example.crt
Read stored keys from a keystore:
keytool -list -v -keystore example.jks
Generate CSR from a keystore:
keytool -certreq -alias example -keystore example.jks -file example.csr
Update self-signed cert within a keystore:
keytool -selfcert -validity 365 -alias example -keystore example.jks
Import a signed cert into a keystore:
keytool -import -trustcacerts -alias example -file example.crt -keystore example.jks