changeset 2451:892004bd19bb
PKCS#12 stores.
author | Oleksandr Gavenko <gavenkoa@gmail.com> |
---|---|
date | Sun, 08 Nov 2020 09:14:06 +0200 |
parents | 3e1990dc6ac8 |
children | f2450d4f1adc |
files | tls.rst |
diffstat | 1 files changed, 38 insertions(+), 0 deletions(-) |
--- a/tls.rst Sun Nov 08 01:01:04 2020 +0200 +++ b/tls.rst Sun Nov 08 09:14:06 2020 +0200 @@ -5,6 +5,17 @@ .. contents:: :local: +Generate private keys +===================== + +Generate RSA key (last argument is a key bit size):: + + openssl genrsa -des3 -out my.key -passout pass:123456 2048 + +Generate DSA key:: + + openssl gendsa -out my.key -passout pass:123456 <(openssl dsaparam 512) + Generate a self-signed certificate ================================== @@ -94,3 +105,30 @@ curl -v --cacert my.crt https://localhost:8000 There is no certificate chain so the check is trivial for self-signed certificates... + +PKCS#12 stores +============== + +PKCS#12 store keeps private keys and certificates, to combine a private key and certificates into the store:: + + openssl pkcs12 -export -in my.crt -inkey my.key -certfile other.crt -out my.p12 -name master + +To export a private key to PKCS#8 format (has header ``BEGIN PRIVATE KEY`` or ``BEGIN ENCRYPTED +PRIVATE KEY``):: + + openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes + +To extract private key and convert to PKCS#1 format (has header ``BEGIN RSA PRIVATE KEY`` or ``BEGIN +DSA PRIVATE KEY``):: + + openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes | openssl rsa + +To show private key info:: + + openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes | openssl rsa -text -noout + +To show certificat info:: + + openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456 + openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456 | openssl x509 -text -noout +
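Review bot: In the first hunk (@@ -5,6 +5,17 @@, "Generate private keys"), the DSA example builds its parameters with `openssl dsaparam 512`, and a 512-bit DSA key is far too small to document as a default; use at least 2048 there, matching the RSA example. The same line passes `-passout pass:123456` to `openssl gendsa` without naming a cipher, so no encryption is applied and the passphrase has no effect; either add a cipher option such as the `-des3` used in the RSA line or drop `-passout`. Both examples also put the passphrase on the command line, where it ends up in shell history and the process list, so the text should say that `pass:123456` is a placeholder and mention the `file:` or `env:` forms of the password argument. The `<(...)` process substitution needs bash, which is worth stating for readers on plain sh.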
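Review bot: In the second hunk (@@ -94,3 +105,30 @@, "PKCS#12 stores"), every key-export command uses `-nodes`, which writes the private key unencrypted to stdout, yet the PKCS#8 paragraph says the output may carry the `BEGIN ENCRYPTED PRIVATE KEY` header; with `-nodes` only `BEGIN PRIVATE KEY` is produced, so either drop `-nodes` from that example or remove the encrypted header from the description, and add a sentence that `-nodes` leaves the key in clear text. The PKCS#1 paragraph mentions `BEGIN DSA PRIVATE KEY` but the pipeline ends in `openssl rsa`, which only handles RSA keys; state that a DSA key needs `openssl dsa` instead. In the last example, `| openssl x509 -text -noout` prints only the first certificate in the stream, which matters for a store built with `-certfile other.crt`. The export command at the top omits a `-passout`, unlike the later `-passin pass:123456` lines, so it will prompt interactively; say so or make the examples consistent. Typo: "certificat info" should be "certificate info".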