OpenSSL¶
view certificates¶
openssl x509 -in <path to cert> -noout -text
connect to server¶
openssl s_client -connect www.google.com:443
get certificate information from server¶
openssl s_client -connect www.google.com:443 -showcerts <<< echo | openssl x509 -noout -text
generate selfsigned certificate and key¶
Info
This will ask you forsome additional information!
openssl req -x509 -nodes -newkey rsa:4096 -keyout <host>.key -out <host>.crt -days <NUMBER_OF_DAYS>
generate selfsigned certificate and key with subject alternative name¶
Attention
You need openssl version 1.1.1 and above
openssl req -new -x509 -days 3650 -sha256 -nodes -subj "/C=DE/O=der-jd/CN=devjd2" -extensions v3_req -addext "subjectAltName = DNS.0:*.devjd2,DNS.1:devjd2" -newkey rsa:4096 -keyout openstack.key -out openstack.crt
generate csr with key and san¶
Info
basicly you just have to remove the -x509
parameter
openssl req -new -days 3650 -sha256 -nodes -subj "/C=DE/O=der-jd/CN=devjd2" -extensions v3_req -addext "subjectAltName = DNS.0:*.devjd2,DNS.1:devjd2" -newkey rsa:4096 -keyout openstack.key -out openstack.crt
generate 32 bytes long key¶
Info
This is needed for S3 SSE-C
openssl rand -base64 32
$ openssl rand -base64 32
u7gys5DIh0ri3v/POtoJv4rdjWbW7spzExiZAupZFJs=