Difference between revisions of "Openssl"

openssl

back to esp8266

https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs

in cd ../vhosts/somecerts/smallcerts/

Generate a Private Key and a CSR

openssl req -newkey rsa:512 -nodes -keyout domain.key -out domain.csr

Generate a Self-Signed Certificate from an Existing Private Key

openssl req -key domain.key -new -x509 -days 365 -out domain.crt

View CSR Entries

openssl req -text -noout -verify -in domain.csr

View Certificate Entries

openssl x509 -text -noout -in domain.crt

Verify a Certificate was Signed by a CA

openssl verify -verbose -CAFile ca.crt domain.crt

from https://www.feistyduck.com/library/openssl-cookbook/online/ch-openssl.html#

openssl genrsa -out fd.key 512                           //create private key (no pass)
openssl rsa -in fd.key -pubout -out fd-public.key        //to separate out the public key
openssl req -new -key fd.key -out fd.csr                 //create csr from key
openssl req -text -in fd.csr -noout                      //show your csr
openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt          // create a cert w/o questions
openssl x509 -text -in fd.crt -noout                     //view the cert
openssl x509 -text -noout -in fd.crt -fingerprint        //GET A CERTS FINGERPRINT

Ciphers

openssl ciphers -v 'ALL:COMPLEMENTOFALL'                 //list available

https://engineering.circle.com/https-authorized-certs-with-node-js-315e548354a2#.3atvisjhz

vis a vis letsencrypt

your key file will be privkey.pem your cert file will be cert.pem your ca file will be chain.pem or fullchain.pem ( depending exactly what you need )