Show info about PKCS#12 store.
--- a/tls.rst Sun Nov 08 09:50:50 2020 +0200
+++ b/tls.rst Sun Nov 08 10:21:14 2020 +0200
@@ -16,6 +16,10 @@
openssl gendsa -out my.key -passout pass:123456 <(openssl dsaparam 512)
+Select DSA curve::
+
+ openssl ecparam -list_curves
+
Generate a self-signed certificate
==================================
@@ -79,6 +83,10 @@
-dname "CN=localhost,O=home,C=US" \
-ext 'san=dns:localhost,dns:web.internal,email:me@mail.internal'
+View the keystore::
+
+ keytool -list -v -keystore my.p12 -storepass 123456
+
To export the self-signed certificate::
keytool -exportcert -keystore my.p12 -file my.crt \
@@ -113,6 +121,11 @@
openssl pkcs12 -export -in my.crt -inkey my.key -certfile other.crt -out my.p12 -name master
+Show info about PKCS#12 store::
+
+ openssl pkcs12 -info -in certtool-srv.p12 -passin pass:123456 -nodes
+ keytool -list -v -keystore my.p12 -storepass 123456
+
To export a private key to PKCS#8 format (has header ``BEGIN PRIVATE KEY`` or ``BEGIN ENCRYPTED
PRIVATE KEY``)::
@@ -127,7 +140,7 @@
openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes | openssl rsa -text -noout
-To show certificat info::
+To show certificate info::
openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456
openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456 | openssl x509 -text -noout