OpenSSL Tutorials

Q

Where to find tutorials on using OpenSSL to manage certificate?

✍: FYIcenter.com

A

Here is a collection of tutorials on managing certificates with OpenSSL compiled by FYIcenter.com team. Topics include installing OpenSSL on Windows, OpenSSL commands and options, validating certificates, etc.

General Information about OpenSSL

What Is OpenSSL

Download and Install OpenSSL Fulgan Binary for Windows

Run OpenSSL Commands

List of Commands Supported in OpenSSL

OpenSSL Command to List All Commands

OpenSSL Command Option to List All Options

Start OpenSSL from Working Directory

Download and Install OpenSSL slproweb Binary for Windows

OpenSSL "s_client" Command

OpenSSL "s_client" Command Options

OpenSSL "s_client -connect" - Connect to HTTPS Web Site

OpenSSL "s_client -connect" - View Server Certificate

Save OpenSSL Command Output to File

OpenSSL "s_client -connect" - Show Server Certificate Chain

OpenSSL "x509" Command

OpenSSL "x509" Command Options

Sample X.509 Certificate File to Test OpenSSL

OpenSSL "x509 -text" - Print Certificate Info

OpenSSL "x509 -fingerprint" - Print Certificate Fingerprint

OpenSSL "x509 -x509toreq" - Conver Certificate to CSR

OpenSSL "req -verify" - Error "wrong signature length"

OpenSSL "x509 -req" - Quick Way to Sign CSR

OpenSSL "x509 -req" - Error "my_ca.srl: No error"

OpenSSL "x509 -pubkey" - Export Public Key"

OpenSSL "x509 -pubout" - Export Public Key"

OpenSSL "verify" Command

OpenSSL "verify" Command Options

OpenSSL Verify Operation Steps

OpenSSL Fulgan Binary Crash on Windows 7

OpenSSL "verify" - Verify or Validate Certificate

OpenSSL "verify -untrusted" - Specify Untrusted Certificate

Download Root CA Certificate

OpenSSL "verify -CAfile" - Specify Root CA Certificate

OpenSSL "genpkey" Command for RSA Keys

OpenSSL "genpkey" Command Options

OpenSSL "genpkey -algorithm rsa" - Generate RSA Key

OpenSSL "pkey" Command Options

OpenSSL "pkey -text" - Print RSA Key in Text

OpenSSL "pkey -pubout" - Extract RSA Public Key

OpenSSL "pkey -pubin" - View RSA Public Key

OpenSSL "genpkey rsa_keygen_bits:256" - RSA Short Keys

OpenSSL "genpkey rsa_keygen_bits:10240" - RSA Long Keys

OpenSSL "genpkey -pkeyopt rsa_keygen_pubexp:3" - RSA Public Exponent

OpenSSL "genpkey -pkeyopt rsa_keygen_pubexp:1" - Bad RSA Key

OpenSSL "genpkey -pkeyopt rsa_keygen_pubexp:2" Runs Forever

OpenSSL "genpkey -des" - DES Encrypt RSA Keys

OpenSSL "pkey" - Open Encrypted RSA Keys

OpenSSL "pkey -aes*" - Re-Encrypt RSA Keys

OpenSSL "genpkey" Command for DSA Keys

OpenSSL "genpkey -genparam" - Generate DSA Parameters

OpenSSL "pkeyparam" Command Options

OpenSSL "pkeyparam -text" - Print DSA Parameters in Text

OpenSSL "genpkey -paramfile" - Generate DSA Key

OpenSSL "pkey -text" - Print DSA Key in Text

OpenSSL "pkey -pubout" - Extract DSA Public Key

OpenSSL "pkey -pubin" - View DSA Public Key

OpenSSL "genpkey dsa_paramgen_bits:256" - DSA Short Keys

OpenSSL "genpkey dsa_paramgen_bits:10240" - DSA Long Keys

OpenSSL "genpkey -des" - DES Encrypt DSA Keys

OpenSSL "pkey" - Open Encrypted DSA Keys

OpenSSL "pkey -aes*" - Re-Encrypt DSA Keys

OpenSSL "genpkey" Command for DH Keys

OpenSSL "genpkey -genparam" - Generate DH Parameters

OpenSSL "pkeyparam -text" - Print DH Parameters in Text

OpenSSL "genpkey -paramfile" - Generate DH Key

OpenSSL "pkey -text" - Print DH Key in Text

OpenSSL "pkey -pubout" - Extract DH Public Key

OpenSSL "pkey -pubin" - View DH Public Key

OpenSSL "genpkey dh_paramgen_prime_len:256" - DH Short Keys

OpenSSL "genpkey dh_paramgen_prime_len:3072" - DH Long Keys

OpenSSL "genpkey dh_paramgen_generator:3" - DH Param Generator

OpenSSL "genpkey -des" - DES Encrypt DH Keys

OpenSSL "pkey" - Open Encrypted DH Keys

OpenSSL "pkey -aes*" - Re-Encrypt DH Keys

OpenSSL "genpkey" Command for EC Keys

OpenSSL "genpkey -genparam" - Generate EC Parameters

OpenSSL "pkeyparam -text" - Print EC Parameters in Text

OpenSSL "genpkey -paramfile" - Generate EC Key

OpenSSL "pkey -text" - Print EC Key in Text

OpenSSL "pkey -pubout" - Extract EC Public Key

OpenSSL "pkey -pubin" - View EC Public Key

OpenSSL "genpkey ec_paramgen_curve:secp521r1" - EC Long Keys

OpenSSL "ecparam -list_curves" - List of EC Curves

OpenSSL "genpkey -des" - DES Encrypt EC Keys

OpenSSL "pkey" - Open Encrypted EC Keys

OpenSSL "pkey -aes*" - Re-Encrypt EC Keys

OpenSSL "rsautl" Command for RSA Keys

OpenSSL "rsautl" Command Options

OpenSSL "rsautl -encrypt" - Encryption with RSA Public Key

OpenSSL "rsautl -decrypt" - Decryption with RSA Private Key

OpenSSL rsautl "data too large for key size" Error

OpenSSL "rsautl" - Encrypt Large File with RSA Key

OpenSSL "rsautl" - Decrypt Large File with RSA Key

OpenSSL "rsautl" Using PKCS#1 v1.5 Padding

OpenSSL "rsautl -pkcs" - PKCS#1 v1.5 Padding Option

OpenSSL "rsautl" - PKCS#1 v1.5 Padding Size

OpenSSL "rsautl -encrypt -raw" - No Padding

OpenSSL "rsautl -encrypt -raw" - Data Too Large Error

OpenSSL "rsautl" Using OAEP Padding

OpenSSL "rsautl -oaep" - OAEP Padding Option

OpenSSL Signing Documents with RSA Keys

OpenSSL "rsautl -sign" - RSA Signature Generation

OpenSSL Verify Signed Documents with RSA Keys

OpenSSL "rsautl -verify" - RSA Signature Verification

OpenSSL "rsautl -encrypt" vs. "rsautl -sign"

OpenSSL "rsautl -encrypt" vs. "rsautl -verify"

OpenSSL "rsautl -verify -raw" for RSA Public Key Encryption

OpenSSL "rsautl -sign -raw" for RSA Private Key Decryption

OpenSSL "genrsa" and "rsa" Commands

OpenSSL "genrsa" Command Options

OpenSSL "genrsa" - Generate RSA Key Pair

OpenSSL "rsa" Command Options

OpenSSL "rsa -text" - Print RSA Key in Text

OpenSSL "rsa -pubout" - Extract RSA Public Key

OpenSSL "rsa -pubin" - View RSA Public Key

OpenSSL "genrsa 32" - Generate RSA Short Keys

OpenSSL "genrsa 10240" - Generate RSA Long Keys

OpenSSL "genrsa -des" - DES Encrypt RSA Keys

OpenSSL "rsa" - Open Encrypted RSA Keys

OpenSSL "rsa -aes*" - Re-Encrypt RSA Keys

OpenSSL "gendsa" and "dsa" Commands

OpenSSL "gendsa" Command Options

OpenSSL "dsaparam" Command Options

OpenSSL "dsaparam" - Generate DSA Parameters

OpenSSL "dsaparam -text" - Print DSA Parameters in Text

OpenSSL "gendsa" - Generate DSA Key Pair

OpenSSL "dsa" Command Options

OpenSSL "dsa -text" - Print DSA Key in Text

OpenSSL "dsa -pubout" - Extract DSA Public Key

OpenSSL "dsa -pubin" - View DSA Public Key

OpenSSL "dsaparam 512" - Generate DSA Short Keys

OpenSSL "gendsa 10240" - Generate DSA Long Keys

OpenSSL "gendsa -des" - DES Encrypt DSA Keys

OpenSSL "dsa" - Open Encrypted DSA Keys

OpenSSL "dsa -aes*" - Re-Encrypt DSA Keys

OpenSSL "req" Command

OpenSSL "req" Command Options

OpenSSL "req -new" - Generate New CSR

OpenSSL "req -text" - Print CSR in Text

OpenSSL CSR File Structure and Components

OpenSSL "req -text" Output and CSR Components

OpenSSL "req -verify" - Verify Signature of CSR

OpenSSL "req -pubkey" - Extract Public Key from CSR

OpenSSL "req -newkey" - Generate Private Key and CSR

OpenSSL "req -new -x509" - Generate Self-Signed Certificate

OpenSSL "x509 -text" - View Self-Signed Certificate in Text

OpenSSL "verify" - Validate Self-Signed Certificate

OpenSSL "req -x509 -newkey" - Generate Private Key and Certificate

OpenSSL Self-Signed Certificate Components

OpenSSL "req -x509" - Sign My Own CSR

OpenSSL "req -x509 -days" - Longer Self-Signed Certificate

OpenSSL "req -x509 -set_serial" - Certificate Serial Number

OpenSSL "req -x509 -md5" - MD5 Digest for Signing

OpenSSL "req -x509" - Sign CSR with Different Key

OpenSSL Not Validate Signature in Self-Signed Certificate

OpenSSL "req -config" - Using Configuration File

OpenSSL "req" - distinguished_name Configuration Section

OpenSSL "req" - "prompt=no" Mode

OpenSSL "req" - "prompt=yes" Mode

OpenSSL "req" - "prompt=yes" Mode with DN Validations

OpenSSL "req" - "prompt=yes" Mode with DN Defaults

OpenSSL "req new -batch" - Using DN Default Values Only

OpenSSL "req -new" - "no objects specified in config file" Error

OpenSSL "req -new" - Repeating DN Fields

OpenSSL "req -new" - DN Fields for Personal Certificates

OpenSSL "req" - X509 V3 Extensions Configuration Options

OpenSSL "req -new -reqexts" - Specify CSR V3 Extensions

OpenSSL "req -new -reqexts" - Test CSR V3 Extensions

OpenSSL "req -x509 -extensions" - Specify Self-Signed Certificate V3 Extensions

OpenSSL "req -x509 -extensions" - Test Self-Signed Certificate V3 Extensions

OpenSSL "req -new" - CSR Attributes

OpenSSL "req" - Good Sample openssl.conf

OpenSSL "ca" Command

OpenSSL "ca" Command Options

OpenSSL "ca" - Create CSR for Testing

OpenSSL "ca" - Create CA Certificate for Testing

OpenSSL "ca" Error "./demoCA/newcerts: No such file or directory"

OpenSSL "ca" Error "unable to open ./demoCA/index.txt"

OpenSSL "ca" - "error while loading serial number"

OpenSSL "ca" Error "stateOrProvinceName field needed to be the same"

OpenSSL "ca" - Sign CSR with CA Certificate

OpenSSL "ca" - Track CSR Signing History

OpenSSL "ca" Error "failed to update database TXT_DB error number 2"

OpenSSL "ca -revoke" - Revoke a Certificate

OpenSSL "ca" - Sign the CSR Again

OpenSSL "ca" - "error while loading CRL number"

OpenSSL "ca -gencrl" - Generate CRL

OpenSSL "crl -text" - View CRL in Test Format

OpenSSL "ca -selfsign" - Self Sign CSR

OpenSSL "ca -config" - Using Configuration File

OpenSSL [ca] Section in Configuration File

OpenSSL "ca" Error "lookup failed for ca::default_ca"

OpenSSL "ca" Error "... directory for new certificate ..."

OpenSSL "ca" Error "lookup failed for ca::database"

OpenSSL "ca" Error "lookup failed for ca::default_md"

OpenSSL "ca" Error "lookup failed for ca::policy"

OpenSSL "ca" Error "lookup failed for ca::serial"

OpenSSL "ca" Error "cannot lookup how many days ..."

OpenSSL "policy" Options for "ca" Command

Simple Working Configuration File for OpenSSL "ca"

OpenSSL "ans1parse" Command

OpenSSL "ans1parse" Command Options

ASN.1 File Structure Supported by OpenSSL

ASN.1 Field Types Supported by OpenSSL

OpenSSL "ans1parse -genstr" - Single Primitive Field DER File

OpenSSL "ans1parse -in" - Parse DER File

OpenSSL "ans1parse -genconf" - Configuration File

OpenSSL "ans1parse -genconf" - Nested SEQUENCE ASN.1 Structure

OpenSSL "ans1parse -strparse" - Extract ASN.1 Sub Structure

OpenSSL "ans1parse" - ASN.1 INTEGER Field Type

OpenSSL "ans1parse" - ASN.1 IA5STRING Field Type

OpenSSL "ans1parse" - ASN.1 OBJECT IDENTIFIER Field Type

OpenSSL "ans1parse" - ASN.1 BIT STRING Field Type

OpenSSL "ans1parse" - ASN.1 OCTET STRING Field Type

OpenSSL "ans1parse" - Wrap of SEQUENCE Structure

OpenSSL "ans1parse" - BITWRAP and OCTWRAP Modifiers

OpenSSL "ans1parse" - Wrap of Primitive Field

OpenSSL "ans1parse" - DER (Distinguished Encoding Rules)

OpenSSL "ans1parse" - RSA Private Key in ASN.1 Structure

OpenSSL "ans1parse" - Configuration File for RSA Private Key

OpenSSL "ans1parse" - RSA Public Key in ASN.1 Structure

OpenSSL "ans1parse" - Configuration File for RSA Public Key

OpenSSL "ans1parse" - DSA Private Key in ASN.1 Structure

OpenSSL "ans1parse" - Configuration File for DSA Private Key

OpenSSL "ans1parse" - DSA Public Key in ASN.1 Structure

OpenSSL "ans1parse" - Configuration File for DSA Public Key

OpenSSL "ans1parse" - DH Private Key in ASN.1 Structure

OpenSSL "ans1parse" - Configuration File for DH Private Key

OpenSSL "ans1parse" - DH Public Key in ASN.1 Structure

OpenSSL "ans1parse" - Configuration File for DH Public Key

Other OpenSSL Versions for Windows

Download OpenSSL 0.9.8h for Windows

Install OpenSSL 0.9.8h on Windows

Start OpenSSL on Windows Systems

2016-11-23, 5730👍, 0💬