OpenSSL Cheat Sheet

If you have any reason at all to work (or play) with digital certificates, one of the most useful tools you will find anywhere is OpenSSL. It can do pretty much anything you could wish to do when it comes to displaying certificate contents, converting from one format to another or even issuing and signing your own certificates (you can operate your own CA with it !).

This page contains a handy list of OpenSSL commands I've found useful from time to time.

Viewing Certificate Contents

X.509 certificates are usually stored in one of two formats:

The command to view an X.509 certificate is:

openssl x509 -in filename.cer -inform der -text

You can specifiy -inform pem if you want to look at a PEM-format certificate

Convert Between Formats

If you have a PEM-format certificate which you want to convert into DER-format (so that you can import it into Microsoft), you can use the command:

openssl x509 -in filename.pem -inform pem -out filename.cer -outform der

Viewing PKCS12 Keystore Contents

This standard specifies a portable format for storing or transporting a user's private keys, certificates, miscellaneous secrets, etc. You can have a look into a PKCS12 file using the command

openssl pkcs12 -in filename.p12 -info

Constructing PKCS12 from PEM Certificate & Private Key

If you have two separate files containing your certificate and private key, both in PEM format, you can combine these into a single PKCS12 file (suitable for importing into Windows) using the command:-

openssl pkcs12 -in cert.pem -inkey key.pem -export -out filename.p12

Links & References

Back to