openssl Reference
Kip Landergren
(Updated: )
My cheat sheet for openssl covering key creation, self-signed certificates and helpful documentation links.
Version
The following assumes openssl version 1.1.1.
Common Operations
Generate a self-signed root Certificate Authority
Generate a 2048-bit RSA private key named ca.key:
openssl genrsa -out ca.key 2048
Create a new self-signed root Certificate Authority from ca.key: do not encrypt the private key, use a Common Name (CN) of example.com, point at a custom config file that contains the v3 extension we want to use and select that extension, and finally output the file as ca.crt:
openssl req -x509 \
-new \
-key ca.key \
-nodes \
-subj "/CN=example.com" \
-config /usr/local/etc/openssl/openssl.cnf \
-reqexts v3_req \
-extensions v3_ca \
-out ca.crt
Inspect the generated ca.crt as text:
openssl x509 -in ca.crt \
-text \
-noout
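A self-contained variant of the root CA steps above, as an added example that is not part of the original cheat sheet: it swaps the /usr/local/etc/openssl/openssl.cnf dependency for an inline config and then checks the result instead of reading the text dump by eye. The ca.cnf contents, the -days 365 lifetime and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build the root CA from an inline config, then check it.

make_ca() {  # $1 = output directory
    # Assumed config contents, modelled on a typical v3_ca section.
    cat > "$1/ca.cnf" <<'EOF'
[ req ]
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null || return 1
    chmod 600 "$1/ca.key"   # the key is stored unencrypted
    # -nodes is left out: it only affects keys that req itself creates.
    # -days 365 is an assumed lifetime; without -days the default is 30 days.
    openssl req -x509 -new -key "$1/ca.key" -subj "/CN=example.com" \
        -config "$1/ca.cnf" -extensions v3_ca -days 365 -out "$1/ca.crt"
}

# True if the certificate's basicConstraints mark it as a CA.
cert_is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# True if private key $1 and certificate $2 hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# True if the certificate chains to itself, as a self-signed root must.
cert_is_self_signed() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Demo run in a throwaway directory.
tmp=$(mktemp -d) || exit 1
make_ca "$tmp" && cert_is_ca "$tmp/ca.crt" \
    && key_matches_cert "$tmp/ca.key" "$tmp/ca.crt" \
    && cert_is_self_signed "$tmp/ca.crt" && echo "ca.crt: all checks passed"
rm -rf "$tmp"
```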
How to Generate a Self-Signed Certificate
openssl req -x509 \
-new \
-newkey rsa:2048 \
-keyout path/to/your-new.key \
-nodes \
-days 3650 \
-subj "/CN=example.com" \
-addext "subjectAltName = DNS:example.com" \
-out path/to/your-new.crt
How to View a Certificate
openssl x509 -noout -text -in cert-file.crt
Documentation
Recommendation: start with the openssl(1) man page.
- man pages:
  - openssl(1)
  - openssl-req(1)
  - config(5)
- Official Documentation