0

More than 3 years have passed since last update.

openssl

OpenSSL

Last updated at 2021-01-22Posted at 2018-09-27

command

hash

sha256

calculate that data's sha256 value.

openssl sha256 <file_path>

certificate

check certificate information

If SNI(Server Name Indication) is used, '-servername' option is needed. If not, routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error error might be appeared.

_domain='target domain name'
openssl s_client -connect ${_domain}:443 -showcerts -servername ${_domain}

check certificate and key pair

# key
openssl rsa -noout -modulus -in <key_file> | openssl md5

# certificate
openssl x509 -noout -modulus -in <cert_file> | openssl md5

show certificate contents

cer extension

openssl x509 -inform der -noout -text -in <cerficiate>.cer

download remote host's server certificate chain

showcerts: display the whole server certificate chain

_domain='www.feistyduck.com'
echo | openssl s_client -showcerts -connect ${_domain}:443  -servername ${_domain} 2>&1 | sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${_domain}

show bundled certificate chain

openssl crl2pkcs7 -nocrl -certfile <bundled_file> | openssl pkcs7 -print_certs -text -noout

random

generate 48 random characters

openssl rand -base64 48

performance

check openssl performance

openssl speed -multi 2 aes

0

Register as a new user and use Qiita more conveniently

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up

0