security,

SSL Certificate Management - Quick Reference

Gineesh Gineesh Follow · 3 mins read
SSL Certificate Management - Quick Reference
Share this

Create SSL Certificate

Create a Root CA

## create CA key
## remove the -des3 option for non-password protected key 
openssl genrsa -des3 -out myserver-CA.key  4096

## self-sign CA Certificate
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out myserver-CA.pem

Create Server Key, CSR and Certificate

## Create a new SSL Key for server/app
openssl genrsa -out myserver.key 2048

Generate Certificate Signing Request and Key only

$ openssl req -newkey rsa:2048 \ 
  -keyout server.key \
  -out server.csr

Generate Certificate Signing Request with details as arguments

$ openssl req -new \
  -subj "/C=US/ST=North Carolina/L=Raleigh/O=Red Hat/CN=todo-https.apps.ocp4.example.com" \
  -key myserver.key \
  -out myserver.csr

Check and verify certificate details

$ openssl x509 -in server.crt -text -noout

Check a PKCS#12 file (.pfx or .p12)

$ openssl pkcs12 -info -in keyStore.p12

Check and verify Key file

$ openssl rsa -in server.key -check

Verify CSR content

$ openssl req -in server.csr -noout -text
$ openssl req -in server.csr -noout -text -verify 

## Generate Certificate using CSR and CA
## openssl x509 -req -in <CSR FILE> \
##   -CA <CA FILE> -CAkey myserver-CA.key -CAcreateserial \
##   -passin file:passphrase.txt \
##   -out <EXPORT CRT> -days 3650 -sha256 -extfile myserver.ext
$ openssl x509 -req \
  -passin file:passphrase.txt \
  -CA myserver-CA.pem -CAkey myserver-CA.key -CAcreateserial \
  -in myserver.csr \
  -out myserver.crt \
  -days 1825 -sha256 -extfile myserver.ext

## verify certificte content
$ openssl x509 -in myserver.crt -text -noout

How to verify SSL Certificates

Verify Certificate and Key

You should get the same md5 output for all commands.

# certificate
$ openssl x509 –noout –modulus –in <file>.crt | openssl md5

# key
$ openssl rsa –noout –modulus –in <file>.key | openssl md5

# csr
$ openssl req -noout -modulus -in <file>.csr | openssl md5

Check the Key only

$ openssl rsa -check -noout -in myserver.key
RSA Key is ok

Change or remove passhphrase

Remove Passphrase from SSL key

$ openssl rsa -in original.key -out new.key

Change the passphrase of the SSL Key

$ openssl rsa -aes256 -in original.key -out new.key

Extract from PFX file

$ openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key]

Extract Certificate from P7B file

$ openssl pkcs7 -inform PEM -outform PEM -in certnew.p7b -print_certs > certificate.cer

References

cloud automation containers kubernetes
Gineesh
Written by Gineesh Follow
Backpacker, Foodie, Techie

Latest Stories

Let’s talk about kubectl create, apply, edit, replace and patch
In DevOps, Kubernetes, kubectl,
Book Review: The Linux DevOps Handbook
In Books, DevOps, devops book,
Book Review: Fedora Linux System Administration – A Hands-On Guide for Power Users
In Books, DevOps, Alex Callejas,
Exploring Kubernetes 1.29 with Kind
In Kubernetes, kind cluster kubernetes 1.29, kind kubernetes,
Let us test Kubernetes 1.29 with minikube
In DevOps, Kubernetes, devops with kubernetes,

Featured

  1. Mastering Tekton: Your Guide to Cloud-Native CI/CD Workflows
    In Automation, Courses, DevOps,
  2. Learn Ansible – A Comprehensive Guide for Courses and Exams
    In Ansible, Ansible Resources, Automation,
  3. Free GitOps and CI/CD Courses and Certifications
    In ArgoCD, DevOps, Featured,
  4. Terraform Cheat Sheet
    In DevOps, Featured, Infrastructre & Hardware,
  5. Kubernetes vs OpenShift – 15 Facts You Should Know
    In Cloud, DevOps, Featured,
  6. Introduction to OpenShift BootCamp
    In DevOps, Featured, Kubernetes,
  7. How to set up and use Python virtual environments for Ansible
    In Ansible, Automation, DevOps,
  8. 5 Mistakes You Should Avoid During Kubernetes Exam
    In Cloud, DevOps, Featured,
  9. 10 Tips for your Kubernetes Exam – CKA & CKAD
    In DevOps, Featured, Kubernetes,
  10. CKA, CKS & CKAD Learning Path and Certification
    In Featured, Infrastructre & Hardware, Kubernetes,