Create CSR. Convert PEM to DER.
author Oleksandr Gavenko <gavenkoa@gmail.com>
Thu, 12 May 2022 15:15:03 +0300
changeset 2526 8f83c9cd3059
parent 2525 cb9c3e5c2884
child 2527 a60864c290cc
tls.rst
--- a/tls.rst	Thu Apr 21 13:20:02 2022 +0300
+++ b/tls.rst	Thu May 12 15:15:03 2022 +0300
@@ -20,6 +20,42 @@
 
   openssl ecparam -list_curves
 
+Show key details::
+
+  openssl rsa -text -noout -in my.key
+
+Generate public key::
+
+  openssl rsa -pubout -in my.key -out my.pem
+
+Create CSR
+==========
+
+Generate CSR with a private key::
+
+  openssl req -new -newkey rsa:2048 -nodes
+    -keyout my.key -out my.csr \
+    -subj "/C=US/ST=California/L=Los Angeles/O=Evil/CN=me@mail.com"
+
+Generate CSR from a private key::
+
+  openssl req -new -nodes -key my.key -out my.csr
+
+  openssl req -new -nodes -key my.key -out my.csr \
+    -subj "/C=US/ST=California/L=Los Angeles/O=Evil/CN=me@mail.com"
+
+Recreate signing request from certificate::
+
+  openssl x509 -x509toreq -in my.crt -signkey my.key -out my.csr
+
+Review CSR::
+
+  openssl req -text -noout -in my.csr
+
+Verify CSR::
+
+  openssl req -text -noout -verify -in my.csr
+
 Generate a self-signed certificate
 ==================================
 
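Review bot: The first command under "Generate CSR with a private key" is missing the line-continuation backslash after ``-nodes``, so the shell runs ``openssl req -new -newkey rsa:2048 -nodes`` on its own and then tries to execute ``-keyout`` as a separate command. End that line with a backslash, as the ``-keyout`` line already does. It would also help to say that ``-nodes`` leaves ``my.key`` unencrypted on disk. In the two "from a private key" commands ``-nodes`` can be dropped, because no new key is written there. "Verify CSR" differs from "Review CSR" only by ``-verify``; dropping ``-text`` there would make the signature check the visible result.
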
@@ -48,6 +84,7 @@
 Review the resulting certificate::
 
   openssl x509 -text -noout -in my.crt
+  keytool -printcert -file my.crt
 
 .. note::
    With ``openssl`` we can add an extra step:
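Review bot: The added ``keytool -printcert -file my.crt`` sits in the same literal block as ``openssl x509 -text -noout -in my.crt``, so it reads as a second step of one procedure and not as an alternative tool. Put it in its own block with a short lead-in saying it is the equivalent JDK command, so readers without a JDK do not take it for a required step.
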
@@ -92,16 +129,16 @@
   keytool -exportcert -keystore my.p12 -file my.crt \
     -alias master -rfc -storepass 123456
 
-Review the resulting certificate::
-
-  keytool -printcert -file my.crt
-
 https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl/64733092#64733092
   How to create a self-signed certificate with OpenSSL.
 
 Verify self-signed certificate
 ==============================
 
+Review certificate::
+
+  openssl x509 -text -noout -in my.crt
+
 Use a private key and corresponding self-signed certificate to launch a server::
 
   openssl s_server -accept 8000 -www -key my.key -cert my.crt
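Review bot: The new "Review certificate" block under "Verify self-signed certificate" repeats ``openssl x509 -text -noout -in my.crt``, which the previous hunk's context already shows under "Review the resulting certificate". Either reference that earlier block or state what the reader should check at this point (for example subject and validity dates before starting ``s_server``), so the repetition carries its own purpose. Removing the ``keytool -printcert`` block here also leaves the keytool section without a review step next to ``keytool -exportcert``; a short pointer to where it moved would keep that section self-contained.
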
@@ -117,7 +154,7 @@
 PKCS#12 stores
 ==============
 
-PKCS#12 store keeps private keys and certificates, to combine a private key and certificates into the store::
+PKCS#12 store keeps a private keys and certificates, to combine a private key and certificates into the store::
 
   openssl pkcs12 -export -in my.crt -inkey my.key -certfile other.crt -out my.p12 -name master
 
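Review bot: The changed sentence now reads "keeps a private keys and certificates", which is ungrammatical; the removed wording "keeps private keys and certificates" was correct. Revert this line, or split the sentence in two: one stating what the store holds, one introducing the command.
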
@@ -131,8 +168,8 @@
 
   openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes
 
-To extract private key and convert to PKCS#1 format (has header ``BEGIN RSA PRIVATE KEY`` or ``BEGIN
-DSA PRIVATE KEY``)::
+To extract private key and convert to PKCS#1 format (PEM, has header ``BEGIN RSA PRIVATE KEY`` or
+``BEGIN DSA PRIVATE KEY``)::
 
   openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes | openssl rsa
 
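Review bot: The sentence still promises a ``BEGIN DSA PRIVATE KEY`` header, but the command pipes into ``openssl rsa``, which handles RSA keys only, so that header cannot come out of the command shown. Drop the DSA mention or add the matching ``openssl dsa`` variant. The inserted "PEM," is also slightly misleading in position: PKCS#1 names the key structure and PEM the encoding, so "PKCS#1 format, PEM encoded" would be more precise.
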
@@ -145,3 +182,24 @@
   openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456
   openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456 | openssl x509 -text -noout
 
+Convert DER to PEM
+==================
+
+Convert a private key from DER to PEM::
+
+  openssl rsa -inform DER -in priv.der -outform PEM -out priv.pem
+
+Convert a certificate from DER to PEM::
+
+  openssl x509 -inform DER -in cert.der -outform PEM -out cert.crt
+
+Convert PEM to DER
+==================
+
+Convert a private key from PEM to DER::
+
+  openssl rsa -inform PEM -in priv.pem -outform DER -out priv.der
+
+Convert a certificate from PEM to DER::
+
+  openssl x509 -inform PEM -in cert.pem -outform DER -out cert.crt
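Review bot: The last command writes DER output to ``cert.crt``, while the "Convert DER to PEM" section above reads DER from ``cert.der`` and writes PEM to ``cert.crt``; following both sections leaves the same file name holding two different encodings. Use ``-out cert.der`` here, and consider ``-out cert.pem`` in the DER to PEM certificate command so the two sections are exact inverses of each other. The private key commands use ``openssl rsa``, so a note that they apply to RSA keys only would prevent surprises with EC keys, which this file also covers (``openssl ecparam -list_curves``).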