changeset 2453:5bb8692c080a

Show info about PKCS#12 store.
author Oleksandr Gavenko <gavenkoa@gmail.com>
date Sun, 08 Nov 2020 10:21:14 +0200
parents f2450d4f1adc
children d99f1babbb10
files tls.rst
diffstat 1 files changed, 14 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/tls.rst	Sun Nov 08 09:50:50 2020 +0200
+++ b/tls.rst	Sun Nov 08 10:21:14 2020 +0200
@@ -16,6 +16,10 @@
 
   openssl gendsa -out my.key -passout pass:123456 <(openssl dsaparam 512)
 
+Select DSA curve::
+
+  openssl ecparam -list_curves
+
 Generate a self-signed certificate
 ==================================
 
@@ -79,6 +83,10 @@
     -dname "CN=localhost,O=home,C=US" \
     -ext 'san=dns:localhost,dns:web.internal,email:me@mail.internal'
 
+View the keystore::
+
+  keytool -list -v -keystore my.p12 -storepass 123456
+
 To export the self-signed certificate::
 
   keytool -exportcert -keystore my.p12 -file my.crt \
@@ -113,6 +121,11 @@
 
   openssl pkcs12 -export -in my.crt -inkey my.key -certfile other.crt -out my.p12 -name master
 
+Show info about PKCS#12 store::
+
+  openssl pkcs12 -info -in certtool-srv.p12 -passin pass:123456 -nodes
+  keytool -list -v -keystore my.p12 -storepass 123456
+
 To export a private key to PKCS#8 format (has header ``BEGIN PRIVATE KEY`` or ``BEGIN ENCRYPTED
 PRIVATE KEY``)::
 
@@ -127,7 +140,7 @@
 
   openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes | openssl rsa -text -noout
 
-To show certificat info::
+To show certificate info::
 
   openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456
   openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456 | openssl x509 -text -noout