19 Most Common OpenSSL Commands for 2023

What Is OpenSSL Command?

OpenSSL is an open-source-based implementation of the SSL protocol, with versions available for Windows, Linux, and Mac OS X. It is a highly versatile tool used to create CSRs (Certificate Signing Requests) and Private Keys as well as compare an MD5 hash of different certificates or private keys; verify installed certificates on any website; and convert certificates into other formats. The most common OpenSSL commands are generating Certificate Signing Requests, verifying that a certificate is installed correctly on a website, comparing the MD5 hash of a certificate or private key with other versions, and converting certificates from one format to another.

The Most Common OpenSSL Commands

In this blog, we have mentioned some common OpenSSL commands used for different SSL management purposes. OpenSSL provides a wide range of options and parameters for each command, allowing users to manage their SSL infrastructure and fix their queries in no time.

Here’s an introduction to some common OpenSSL commands:

1. Generate a new private key and Certificate Signing Request

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

2. Generate a self-signed certificate using OpenSSL

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

3. Generate a certificate signing request (CSR) for an existing private key

openssl req -out CSR.csr -key privateKey.key -new

4. Generate a certificate signing request based on an existing certificate

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

5. Remove a passphrase from a private key

openssl rsa -in privateKey.pem -out newPrivateKey.pem

Checking Using OpenSSL Commands

6. Check a Certificate Signing Request (CSR)

openssl req -text -noout -verify -in CSR.csr

7. Check a private key

openssl rsa -in privateKey.key -check

8. Check a certificate

openssl x509 -in certificate.crt -text -noout

9. Check a PKCS#12 file (.pfx or .p12)

openssl pkcs12 -info -in keyStore.p12

Debugging Using OpenSSL Commands

10. Verify an MD5 hash of the public key to make sure it matches with CSR or private key

openssl x509 -noout -modulus -in certificate.crt | openssl md5 
openssl rsa -noout -modulus -in privateKey.key | openssl md5 
openssl req -noout -modulus -in CSR.csr | openssl md5

11. Verify an SSL connection. All certificates (including Intermediates) must be shown.

openssl s_client -connect www.paypal.com:443

Converting Using OpenSSL Commands

OpenSSL Convert PEM

12. Convert PEM to DER:

openssl x509 -outform der -in certificate.pem -out certificate.der

13. Convert PEM to P7B:

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

14. Convert PEM and Private Key to PFX/P12:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

OpenSSL Convert DER

15. Convert DER to PEM:

openssl x509 -inform der -in certificate.der -out certificate.pem

OpenSSL Convert P7B

16. Convert P7B to PEM:

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

17. Convert P7B to PFX:

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer 
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

OpenSSL Convert PFX

18. Convert PFX to PEM and Private Key

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

19. Remove the Private key password

openssl rsa -in file.key -out file2.key

Conclusion on OpenSSL Commands

In conclusion, OpenSSL commands are a powerful set of tools for working with SSL/TLS certificates and cryptographic functions. These commands can be used for a wide range of tasks, including generating key pairs, creating and verifying digital signatures, encrypting and decrypting data, and managing SSL/TLS certificates. With its cross-platform compatibility and extensive documentation, OpenSSL is widely used by developers, system administrators, and security professionals around the world. Whether you're securing web applications, building secure communications protocols, or conducting forensic investigations, OpenSSL commands are an essential tool in the modern digital security toolkit.