imported>DrOwl (New page: '''A few handy hints and tips for messing with SSL certs and keys''' * Dump the certificate openssl x509 -in url.crt * Dump the certificate details (-noout supresses output of the cert...) |
imported>DrOwl No edit summary |
Revision as of 09:01, 24 January 2012
A few handy hints and tips for messing with SSL certs and keys
- Dump the certificate
openssl x509 -in url.crt
- Dump the certificate details (-noout suppresses output of the certificate itself)
openssl x509 -in url.crt -noout -text
- Find out the issuer of a certificate (useful for determining the chain file needed)
openssl x509 -in url.crt -noout -issuer
- Display the valid from/valid to dates
openssl x509 -in url.crt -noout -dates
Check that a key and cert match
- Find the modulus for both the cert and the key
openssl x509 -in url.crt -noout -modulus
openssl rsa -in url.key -noout -modulus
If they match, then the key is a pair with the certificate. See also Cert-Key_Match.
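The comparison above, as an added example that is not part of the original page, generalized from the RSA modulus to the whole public key so it also covers EC keys. The `openssl pkey` call, the function names and the script name `certmatch.sh` are assumptions of this example, and the sample pairs are constructed throwaway certificates.

```shell
#!/bin/sh
# Added example (not from the original page): check that a private key
# belongs to a certificate by comparing public keys. This works for RSA
# and EC keys, whereas -modulus only applies to RSA.

# Print the certificate's public key (SubjectPublicKeyInfo, PEM).
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Derive the public key from a private key file, in the same PEM form.
# An encrypted key makes openssl ask for its passphrase.
key_pubkey() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# cert_key_match CERT KEY
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
# The parse check matters: two failed reads must never compare as equal.
cert_key_match() {
    cert_pub=$(cert_pubkey "$1") || return 2
    key_pub=$(key_pubkey "$2") || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample input: throwaway self-signed pairs written to dir $1.
make_sample_pairs() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=rsa.example" \
        -days 1 -keyout "$1/rsa.key" -out "$1/rsa.crt" 2>/dev/null &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ec.key" \
        2>/dev/null &&
    openssl req -x509 -new -key "$1/ec.key" -subj "/CN=ec.example" \
        -days 1 -out "$1/ec.crt" 2>/dev/null
}

# Command-line use (script name is hypothetical): sh certmatch.sh url.crt url.key
if [ "$#" -eq 2 ]; then
    cert_key_match "$1" "$2"
    exit
fi
```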
Test an SSL site
openssl s_client -connect www.example.com:443
- Check on a csr (Certificate Signing Request)
openssl req -noout -text -in foo.csr
- Generate a csr (Certificate Signing Request)
On BIG-IP version 9 you can use openssl:
openssl req -new -out foo.csr
On version 4.5, use genconf, which will prompt you for all the information:
genconf
You will be asked to enter all of the customer's information (probably the same as in the older csr, which can be found in '/config/ssl/ssl.csr' on BIG-IP v9).