OpenSSL - Patrick Lewis Notes

## Certificate Management | Command | Description | | --- | --- | | `openssl req -new -key <key> -out <csr>` | Generate a new certificate signing request | | `openssl req -x509 -key <key> -in <csr> -out <cert>` | Generate a self-signed certificate | | `openssl x509 -in <cert> -text -noout` | Display the details of a certificate | | `openssl x509 -in <cert> -pubkey -noout` | Extract the public key from a certificate | | `openssl x509 -in <cert> -fingerprint -noout` | Display the fingerprint of a certificate | ## Key Management | Command | Description | | --- | --- | | `openssl genrsa -out <key> 2048` | Generate a new RSA private key | | `openssl rsa -in <key> -pubout -out <pub_key>` | Extract the public key from a private key | | `openssl rsa -in <key> -out <new_key>` | Convert a private key to a different format | | `openssl rand -hex 16` | Generate a random hex string | ## Certificate Signing | Command | Description | | --- | --- | | `openssl ca -in <csr> -out <cert>` | Sign a certificate request | | `openssl ca -config <config> -in <csr> -out <cert>` | Sign a certificate request with a custom configuration | | `openssl verify -CAfile <ca> <cert>` | Verify a certificate against a CA file | ## Certificate Conversion | Command | Description | | --- | --- | | `openssl pkcs12 -export -in <cert> -inkey <key> -out <file>` | Convert a certificate and key to PKCS#12 format | | `openssl pkcs12 -in <file> -out <cert> -nodes` | Extract a certificate and key from a PKCS#12 file | | `openssl x509 -in <cert> -outform DER -out <file>` | Convert a certificate to DER format | | `openssl x509 -in <cert> -outform PEM -out <file>` | Convert a certificate to PEM format | ## Encryption and Decryption | Command | Description | | --- | --- | | `openssl enc -aes-256-cbc -salt -in <file> -out <encrypted_file>` | Encrypt a file with AES-256-CBC | | `openssl enc -d -aes-256-cbc -in <file> -out <decrypted_file>` | Decrypt a file encrypted with AES-256-CBC | | `openssl dgst -sha256 FILE` | Calculate the SHA-256 hash of a file | | `openssl dgst -md5 FILE` | Calculate the MD5 hash of a file | ## Miscellaneous | Command | Description | | --------------------------------------------------------- | ----------------------------------------------------- | | `openssl version` | Display the OpenSSL version | | `openssl s_client -connect <host>:<port>` | Connect to a server using SSL/TLS | | `openssl s_server -accept <port> -cert <cert> -key <key>` | Start an SSL/TLS server | | `openssl speed` | Run benchmark tests on OpenSSL algorithms | | `openssl ciphers -v` | List all available ciphers | | `openssl rand -base64 32` | Generate a random base64 string | | `openssl rand -base64 -out <file> 32` | Generate a random base64 string and save it to a file | | `openssl rand -out <file> 32` | Generate a random binary string and save it to a file | | `openssl rand -hex 32` | Generate a random hex string |