OpenSSL

OpenSSL⚑

Usage⚑

Key⚑

Generate a RSA key⚑

openssl genrsa -out [key file] [bit size]

[bit size]: 2048, 4096...

CSR⚑

Get information from a CSR file⚑

openssl req -in [csr file] -text -noout

shellhacks

Generate a CSR⚑

Generate a key file.
Create a csr.conf file (recommended) with the following contents:

[ req ]
default_bits       = [key bit size]
default_md         = sha512
default_keyfile    = [domain]
prompt             = no
encrypt_key        = no
distinguished_name = req_distinguished_name
## distinguished_name
[ req_distinguished_name ]
countryName            = "[C]"                      # C=
localityName           = "[L]"                      # L=
organizationName       = "[O]"                      # O=
organizationalUnitName = "[OU]"                     # OU=
commonName             = "[CN]"                     # CN=
emailAddress           = "[CN/emailAddress]"        # CN/emailAddress=

3. Generate de CSR file for the key: openssl req -config csr.conf -new -key [key file] -out [CSR file] -verbose

medium

Get information about a SSL/TLS certificate⚑

openssl s_client -connect [host]:[port] | openssl x509 -noout -dates