OpenSSL Cheat Sheet

Classic Commands

Create RSA private key

openssl genrsa -out 2048

Generate CSR whith new private key

openssl req -sha256 -nodes -newkey rsa:2048 -keyout -out

Generate CSR whith existent private key

openssl req -new -sha256 -key -out

Generate CSR with existant certificate and private key

openssl x509 -x509toreq -in -out -signkey

Generate sign-auto certificate for 1 year

openssl req -x509 -newkey rsa:2048 -nodes -keyout -out -days 365
openssl x509 -in certificate.crt -text -noout
openssl req -text -noout -verify -in CSR.csr
openssl rsa -noout -text -check -in
openssl pkcs12 -info -in KEYSTORE.p12
openssl s_client -connect
openssl x509 -noout -modulus -in | openssl sha256
openssl req -noout -modulus -in | openssl sha256
openssl rsa -noout -modulus -in | openssl sha256

PEM format to P12 format

openssl pkcs12 -export -inkey private.key -in certificate.crt -certfile chain.pem -out keystore.pfx

Certifiate and private key in same file (PEM)

cat cert.crt key.key > pem.pem

Extract certificate and private key from a P12/PFX

openssl pkcs12 -in keystore.pfx -out certificate.crt –nokeys
openssl pkcs12 –in keystore.pfx -out key.key -nocerts –nodes

PKCS8 private key to PKCS1

openssl rsa -in key.key -out key2.key

PKCS1 private key to PKCS8

openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in pkcs1.key -out pkcs8.key 

DER (binary) private key to PEM

openssl rsa -inform der -in der_key.der -out pem_key.key

PEM private key to DER

openssl rsa -inform PEM -outform der -in pem_key.key -out der_key.der 

DER certificate to PEM

openssl x509 -inform der -in certificateder.cer -out certificatepem.crt

PEM certificate to DER

openssl x509 -outform der -in certificatepem.crt -out certificateder.cer

ECC Commands

List curves

openssl ecparam -list_curves 

Generate private key

openssl ecparam -genkey -name prime256v1 -out key.key

Add passphrase to private key

openssl ec -in example.key -des3 -out example.key

Generate CSR

openssl req -new -sha256 -key example.key -nodes -out example.csr

Generate certificate

openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr -out certificate.pem
openssl ec -in example.key -pubout
openssl req -in example.csr -pubkey -noout 
openssl x509 -in example.crt -pubkey -noout