OpenSSL

view certificates

openssl x509 -in <path to cert> -noout -text

connect to server

openssl s_client -connect www.google.com:443

get certificate information from server

openssl s_client -connect www.google.com:443 -showcerts <<< echo | openssl x509 -noout -text

generate selfsigned certificate and key

Info

This will ask you forsome additional information!

openssl req -x509 -nodes -newkey rsa:4096 -keyout <host>.key -out <host>.crt -days <NUMBER_OF_DAYS>

generate selfsigned certificate and key with subject alternative name

Attention

You need openssl version 1.1.1 and above

openssl req -new -x509 -days 3650 -sha256 -nodes -subj "/C=DE/O=der-jd/CN=devjd2" -extensions v3_req -addext "subjectAltName = DNS.0:*.devjd2,DNS.1:devjd2" -newkey rsa:4096 -keyout openstack.key -out openstack.crt

generate csr with key and san

Info

basicly you just have to remove the -x509 parameter

openssl req -new -days 3650 -sha256 -nodes -subj "/C=DE/O=der-jd/CN=devjd2" -extensions v3_req -addext "subjectAltName = DNS.0:*.devjd2,DNS.1:devjd2" -newkey rsa:4096 -keyout openstack.key -out openstack.crt

generate 32 bytes long key

Info

This is needed for S3 SSE-C

command

openssl rand -base64 32                                                                                                                              

example

$ openssl rand -base64 32
u7gys5DIh0ri3v/POtoJv4rdjWbW7spzExiZAupZFJs=

---

Last update: October 11, 2021