OpenSSL is a free library that implements security protocols, provided by the Free Software community. OpenSSL libraries are used by many enterprises in their systems and products. The OpenSSL libraries and algorithms can be used from the shell with the openssl command. In this tutorial we will look at different use cases for the openssl command.
Private Key
Private keys should be kept secret. Private keys are generally used to decrypt data.
Public Key
Public keys are provided to everyone and are not secret. Public keys are generally used to encrypt data.
Certificate
Certificates hold keys and related information. Certificates generally hold public keys.
Generate Private Key and Certificate Signing Request
We can generate a private key together with a Certificate Signing Request. We can send the generated CertificateSigningRequest.csr to the Certificate Authority for approval and then we can use privateKey.key.
$ openssl req -out CertificateSigningRequest.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

Generate Self-Signed Certificate
If we will use the certificate only in our local environment and systems, we do not need to have it signed by a global Certificate Authority. In that case we can generate a self-signed certificate with the following command.
$ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
Generate Certificate Signing Request (CSR) with Existing Certificate
If we already have a certificate but need to have it approved by a global Certificate Authority, we need to generate a Certificate Signing Request from the existing private key with the following command.
$ openssl req -out CSR.csr -key privateKey.key -new
Remove Passphrase From Private Key
Private keys are generally stored encrypted to make them more secure. But every time we want to use the private key we have to decrypt it. To make this more practical we can extract the private key and store it unencrypted. The new file is then protected only by its file permissions.
$ openssl rsa -in privateKey.pem -out newPrivateKey.pem
Check and Print Certificate Signing Request (CSR)
We can print all the information provided by a Certificate Signing Request on the shell. We will use the following command for this.
$ openssl req -text -noout -verify -in CertificateSigningRequest.csr

Check and Print Private Key
We can print and check a private key with the following command. This will print key information.
$ openssl rsa -in privateKey.key -check
Check and Print Certificate
We can print certificate information and related parts with the following command.
$ openssl x509 -in certificate.crt -text -noout
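The check commands above print each file on its own. As an added example (not part of the original tutorial), the script below goes one step further and checks that a private key, a CSR and a certificate belong together by comparing the digest of the public key each one carries. The function names and the /CN=example.test subject are assumptions made for the demo.

```sh
#!/bin/sh
# Added example (not from the original tutorial): check that a private key,
# a CSR and a certificate all carry the same public key.
# Function names and the /CN=example.test subject are constructed for the demo.

# Print the SHA-256 digest of the public key inside a PEM file.
# $1 = kind (key|csr|crt), $2 = path. Fails if the file cannot be parsed.
pubkey_digest() {
    local pub
    case "$1" in
        key) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pub=$(openssl req  -in "$2" -pubkey -noout 2>/dev/null) ;;
        crt) pub=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if every "kind:path" argument holds the same public key.
same_public_key() {
    local first d spec
    first=""
    for spec in "$@"; do
        d=$(pubkey_digest "${spec%%:*}" "${spec#*:}") || return 1
        : "${first:=$d}"
        [ "$d" = "$first" ] || return 1
    done
}

# Create sample files in directory $1 with the tutorial's commands; -subj is
# added so that openssl does not prompt. otherKey.key is an unrelated key.
make_samples() {
    ( cd "$1" &&
      openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=example.test" -keyout privateKey.key -out certificate.crt &&
      openssl req -out CSR.csr -key privateKey.key -new -subj "/CN=example.test" &&
      openssl genrsa -out otherKey.key 2048 ) >/dev/null 2>&1
}

# Demo: run the script with --demo to see a match and a mismatch.
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d) && make_samples "$dir" || exit 1
    same_public_key "key:$dir/privateKey.key" "csr:$dir/CSR.csr" \
        "crt:$dir/certificate.crt" && echo "key, CSR and certificate match"
    same_public_key "key:$dir/otherKey.key" "crt:$dir/certificate.crt" \
        || echo "otherKey.key does not belong to certificate.crt"
    rm -rf "$dir"
fi
```

A mismatch between the key and the certificate returned by the Certificate Authority is a common cause of a server refusing to load its TLS configuration, so this check is worth running before deployment.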
Check and Print PKCS#12 Certificate (.pfx, .p12)
We can check and print PKCS#12 certificates with the following command.
$ openssl pkcs12 -info -in keyStore.p12
Check SSL Connection and Certificates
OpenSSL provides a client which can connect to web servers over SSL/TLS and print SSL/TLS certificate information.
$ openssl s_client -connect poftut.com:443

Convert DER (.crt .cer .der) To PEM
Certificates can be stored in different formats. DER and PEM are two popular formats used to store certificates. We can convert DER to PEM with the following command.
$ openssl x509 -inform der -in certificate.cer -out certificate.pem
Convert PEM To DER
The reverse conversion from PEM to DER can be done with the following command.
$ openssl x509 -outform der -in certificate.pem -out certificate.der
Convert PKCS#12 (.pfx .p12) To PEM
We can convert PKCS#12 format files to PEM files with the following command. The -nodes option leaves the private key in keyStore.pem unencrypted.
$ openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
Convert PEM To PKCS#12 (.pfx .p12)
We can convert PEM format to the PKCS#12 format with the following command.
$ openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt