openssl Reference
Kip Landergren
My cheat sheet for openssl covering key creation, self-signed certificates and helpful documentation links.
Version
The following assumes openssl version 1.1.1.
Common Operations
Generate a self-signed root Certificate Authority
Generate a 2048-bit RSA private key named ca.key:
openssl genrsa -out ca.key 2048
Create a new self-signed root Certificate Authority from ca.key: do not encrypt the private key, use a Common Name (CN) of example.com, point to a custom config file that contains the v3 extension we want and select that extension, and finally output the certificate as ca.crt:
openssl req -x509 \
-new \
-key ca.key \
-nodes \
-subj "/CN=example.com" \
-config /usr/local/etc/openssl/openssl.cnf \
-reqexts v3_req \
-extensions v3_ca \
-out ca.crt
Inspect the generated ca.crt as text:
openssl x509 -in ca.crt \
-text \
-noout
How to Generate a Self-Signed Certificate
openssl req -x509 \
-new \
-newkey rsa:2048 \
-keyout path/to/your-new.key \
-nodes \
-days 3650 \
-subj "/CN=example.com" \
-addext "subjectAltName = DNS:example.com" \
-out path/to/your-new.crt
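A way to confirm that the command above produced what was intended, as an added example that is not part of the original cheat sheet. The function names check_selfsigned and make_demo_pair, the demo.key/demo.crt file names and the 30-day expiry window are assumptions chosen for illustration; the demo pair is a throwaway generated in a temporary directory.

```shell
#!/bin/sh
# Added example: sanity checks for a certificate made with the command above.
# check_selfsigned CERT KEY HOST -> exit status 0 only if every check passes.
check_selfsigned() {
    crt=$1 key=$2 host=$3

    # 1. The private key belongs to this certificate (same public key).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "key does not match certificate" >&2; return 1; }

    # 2. Subject and issuer names hash to the same value, i.e. self-issued.
    [ "$(openssl x509 -in "$crt" -noout -subject_hash)" = \
      "$(openssl x509 -in "$crt" -noout -issuer_hash)" ] ||
        { echo "issuer differs from subject" >&2; return 1; }

    # 3. HOST is an exact DNS entry in subjectAltName (what -addext sets).
    openssl x509 -in "$crt" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$host" ||
        { echo "no SAN entry DNS:$host" >&2; return 1; }

    # 4. Not expiring within the next 30 days (assumed threshold).
    openssl x509 -in "$crt" -noout -checkend $((30 * 86400)) >/dev/null ||
        { echo "expires within 30 days" >&2; return 1; }
}

# Constructed demo: generate a throwaway pair with the page's command.
make_demo_pair() {
    dir=$1
    openssl req -x509 -new -newkey rsa:2048 -keyout "$dir/demo.key" -nodes \
        -days 3650 -subj "/CN=example.com" \
        -addext "subjectAltName = DNS:example.com" \
        -out "$dir/demo.crt" 2>/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_demo_pair "$tmp" &&
    check_selfsigned "$tmp/demo.crt" "$tmp/demo.key" example.com &&
    echo "demo certificate passed all checks"
```

The SAN check matters because clients that validate hostnames against subjectAltName ignore the CN, so a certificate created without -addext passes checks 1, 2 and 4 but fails check 3.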
Documentation
The man page for openssl is generally a good start.
- Official Documentation