myhelp:openssl
Create new key and csr for ssl-cert
openssl genrsa -des3 -out server17.key 2048
openssl req -new -key server17.key -out server17.csr
OR all in one command (-nodes writes the key without a passphrase)
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
And maybe also a self-signed certificate:
openssl x509 -req -days 365 -in server17.csr -signkey server17.key -out server17.crt
Get the key unencrypted:
openssl rsa -in server17.key -out postfix.key.unencrypted
Use a config file
server.cnf
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
default_keyfile = server.key
prompt = no
encrypt_key = no
default_bits = 4096
default_md = sha512

[req_distinguished_name]
# two character country code
C = XX
# State or Province Name
ST = Middelearth
# Locality Name (eg, city)
L = Gondor
# Organization Name (eg, company)
O = Fellowship of the ring
# Organizational Unit Name (eg, section)
OU = Hobbits
# Common Name (eg, your name or your server's hostname)
CN = alias1.example.com

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = server1.example.com
DNS.2 = alias1.example.com
IP = 10.20.30.40
After editing the file you can generate your CSR
# openssl req -new -config server.cnf -out server.csr
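Before sending the CSR to a CA it is worth checking that the config was actually applied. The script below is an added example, not part of the original page: it uses a trimmed copy of server.cnf (2048 bits so it runs quickly), and the function name csr_check is made up for illustration.

```shell
#!/bin/sh
# Added example: generate a CSR from a config like server.cnf above, then
# verify it. All sample values are constructed; csr_check is a hypothetical name.
# csr_check DIR: writes server.cnf, server.key and server.csr into DIR and
# returns 0 only if every check passes.
csr_check() {
    dir=$1
    cat > "$dir/server.cnf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
encrypt_key = no
default_bits = 2048
default_md = sha512
[req_distinguished_name]
C = XX
O = Fellowship of the ring
CN = alias1.example.com
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = server1.example.com
DNS.2 = alias1.example.com
IP = 10.20.30.40
EOF
    openssl req -new -config "$dir/server.cnf" -keyout "$dir/server.key" \
        -out "$dir/server.csr" 2>/dev/null || return 1

    # 1. The CSR's self-signature must verify.
    openssl req -in "$dir/server.csr" -noout -verify 2>&1 \
        | grep -q 'verify OK' || return 2

    # 2. Every alt_names entry must have made it into the request.
    text=$(openssl req -in "$dir/server.csr" -noout -text)
    for san in 'DNS:server1.example.com' 'DNS:alias1.example.com' 'IP Address:10.20.30.40'; do
        printf '%s\n' "$text" | grep -qF "$san" || return 3
    done

    # 3. The CSR must carry the public half of the key we keep.
    csr_pub=$(openssl req -in "$dir/server.csr" -noout -pubkey)
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout)
    [ "$csr_pub" = "$key_pub" ] || return 4
}

# Stand-alone run: files are left in a fresh temp directory for inspection.
d=$(mktemp -d) && csr_check "$d" && echo "CSR OK: $d/server.csr"
```

A non-zero return code tells you which check failed: 1 generation, 2 signature, 3 missing SAN entry, 4 key mismatch.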
Get things out of a pfx file
Certificate
# openssl pkcs12 -in /path/to/wildcard.pfx -out /path/to/certstore/mydomain.cer -nokeys -clcerts
Key
# openssl pkcs12 -in /path/to/wildcard.pfx -out /path/to/keystore/mydomain.key -nocerts -nodes
CA-Cert
# openssl pkcs12 -in /path/to/wildcard.pfx -out /path/to/certstore/ca.cer -nodes -nokeys -cacerts
Put things into a pfx file
openssl pkcs12 -inkey bob_key.pem -in bob_cert.cert -export -out bob_pfx.pfx
myhelp/openssl.txt · Last modified: by ulrich
