OpenSSL Cheatsheet

NOTE: The content in this page is my personal note which I got from multiple sources and based on my personal experience.

Generate a new RSA key only

openssl genrsa -aes256 -out example.key 2048  

Create public key from private key

openssl rsa -in example.key -pubout -out example.pub

Generate SSH key from private key

ssh-keygen  -y -f example.key

Check OpenSSL files

openssl rsa -in example.key -noout -text
openssl x509 -in filename.crt -text -noout
openssl req -in filename.csr -text -noout
openssl rsa -in filename.key -text -noout

Generating a Self-Signed Certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Generate a Certificate Signing Request and new Key

openssl req -new -newkey rsa:2048 -keyout new.key -out new.csr -nodes

Encrypt/Decrypt a file in base64 format

openssl aes-256-cbc -a -in plaintext.file -out encryted.file
openssl aes-256-cbc -a -in encryted.file

Package cert in a PKCS12 file

openssl pkcs12 -export -in example.crt -inkey example.key -out example.p12

Create certificate request

openssl req -new -key graylog.key -subj '/C=CA/ST=ON/L=Toronto/O=IT Insfrastructure/OU=DevOps/CN=example.com/emailAddress=admin@exampl.com' -out graylog.csr  -config openssl.cnf

Create certificate

openssl x509 -req -days 365 -extensions v3_req -in graylog.csr -signkey graylog.key -out graylog.crt -extfile openssl.cnf