OpenSSL Tricks

Last Modified: Wed, 17 May 2023 13:43:55 +0000 ; Created: Wed, 17 May 2023 13:43:55 +0000

A few openssl commands I've found useful

openssl s_client -showcerts -connect HOST:PORT </dev/null 2>/dev/null | sed --silent --expression '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
  • Grabs all the X.509 certificates sent by the remote web server in ASCII (Base64) format, useful for building PEM CA chain bundles. HOST:PORT is a placeholder for the server to query.
  • Note that the last certificate in the chain, the root CA certificate, is commonly not provided by remote web sites.
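
Added example, not part of the original notes: it applies the same sed filter to simulated s_client output and checks whether the last certificate in the resulting bundle is a self-issued root. The certificates, file names and helper functions are constructed for the demonstration, so it runs without network access.

```shell
#!/bin/sh
# Added example. All certificates are constructed locally; no network is used.

# Keep only the PEM blocks from s_client-style output (the sed filter above).
pem_only() { sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'; }

# Number of certificates in a PEM bundle.
count_certs() { grep -c -e '-BEGIN CERTIFICATE-' "$1"; }

# Print the Nth (1-based) certificate of a bundle that holds only PEM blocks.
nth_cert() { awk -v n="$2" '/-BEGIN CERTIFICATE-/ { i++ } i == n' "$1"; }

# Succeed if the last certificate is self-issued (subject == issuer), which is
# how a root CA appears. This compares names only, not the signature.
last_is_self_issued() {
    last=$(nth_cert "$1" "$(count_certs "$1")")
    subj=$(printf '%s\n' "$last" | openssl x509 -noout -subject | sed 's/^subject=//')
    iss=$(printf '%s\n' "$last" | openssl x509 -noout -issuer | sed 's/^issuer=//')
    [ "$subj" = "$iss" ]
}

# Build a constructed root CA and leaf, then two simulated server responses.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
    # Server that omits the root: leaf only, surrounded by s_client-style text.
    { echo "Certificate chain"; cat "$d/leaf.pem"; echo "---"; } |
        pem_only > "$d/served.pem"
    # Server that also sends its root.
    { echo "Certificate chain"; cat "$d/leaf.pem"; echo "---"; cat "$d/root.pem"; } |
        pem_only > "$d/full.pem"
}

tmp=$(mktemp -d) && make_demo "$tmp"
for f in served full; do
    if last_is_self_issued "$tmp/$f.pem"; then r="root included"; else r="root not sent"; fi
    echo "$f.pem: $(count_certs "$tmp/$f.pem") certificate(s), $r"
done
rm -rf "$tmp"
```

When the check reports that the root was not sent, the bundle still needs the root CA certificate appended from a trusted local source before it can serve as a complete CA chain.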
openssl x509 -in some_public_cert.pem -noout -text
  • Output details of a certificate for review
openssl x509 -inform der -in burp-ca.der -out burp-ca.pem
  • Convert from DER format to ASCII (Base64) PEM
openssl req -x509 -newkey rsa:4096 -nodes -out cert.crt -keyout cert.key -days 3653 -subj "/"
  • One-liner to create a self-signed certificate and key pair for web server testing
openssl storeutl -noout -text -certs allcerts.pem