Practical Uses of OpenSSL command in Linux
Last Updated :
15 Oct, 2024
OpenSSL is a cryptography software library or toolkit that secures communication over computer networks. It is generally used for Transport Layer Security (TLS) or Secure Socket Layer (SSL) protocols. The OpenSSL program is a command-line tool that utilizes various cryptography functions of OpenSSL's crypto library from the shell. OpenSSL is licensed under an Apache-style license, allowing for both commercial and non-commercial use under simple license conditions.
To check the installed version of OpenSSL, use the following command:
$ openssl version
Syntax of the OpenSSL Command
The general syntax for OpenSSL commands is:
openssl <command> [options]
Basic Example
To view the version of OpenSSL installed on system:
$ openssl version
Practical Uses of OpenSSL Command
Here are some of the most commonly used options with the OpenSSL command, including practical examples for each.
1. Generate RSA Private Key
To Create RSA Private Key.
$openssl genrsa -out private.key 2048
It will generate the RSA key file with the name private.key. Here, we have used 2048 for high security. Lower bit size can even be used.
This command generates a private RSA key file named private.key, using 2048-bit encryption for security. Lower bit sizes can be used if desired.
2. Create a New Private Key and CSR
This command creates both a private key (custom.key) and a Certificate Signing Request (CSR) file (custom.csr), prompting you for personal and organization details.
$openssl req -nodes -newkey rsa:2048 -keyout custom.key -out custom.csr
It will ask for the details like country code, state and locality name, Organization name, your name, email address, etc. And after entering all the details it will generate 2 files one with the CSR extension and the other with key extension representing CSR and private key respectively.
3. Create new Private Key and Self Signed certificate
$openssl req -x509 -sha512 -nodes -days 730 -newkey rsa:2048 -keyout custom.key -out custom.pem
It will ask for details like country code, state and locality name, Organization name, your name, email address, etc. And after entering all the details it will generate 2 files one with the PEM extension and the other with key extension representing Self Signed Certificate and private key respectively.
In the example, we have set validity to 730 days but in case you don't mention this then it will take the value of one month by default. You can even change the algorithm of encryption as per your own convenience. In this example, we have used the SHA512 algorithm.
4. Verifying a CSR file
$openssl req -noout -text -in custom.csr
It will display the details you entered at the time of creating the CSR file which could be used to verify that the correct CSR file is sent to the correct receiver.
5. Verifying a private key file
$openssl rsa -in private.key -check
It will verify and check the RSA key and if it is Ok it will display the following result.
6. Verifying the Certificate Signer Authority
$openssl x509 -in custom.pem -noout -issuer -issuer_hash
It will display the details you entered at the time of creating the pem file which could be used to verify that the correct pem file is sent to the correct receiver.
7. Checking Hash value of a certificate
$openssl x509 -noout -hash -in custom.pem
It will display the hash value of the pem certificate file.
8. Converting PEM to DER format
$openssl x509 -outform der -in custom.pem -out custom.der
It will change the extension of the certificate from .pem to .der and will create a new file with .der extension.
9. Checking pem file certificate expiry date
$openssl x509 -noout -in custom.pem -dates
It will display the valid from and valid up to date of the certificate.
Conclusion
The OpenSSL command-line tool is highly versatile, allowing users to perform various cryptographic operations, including generating keys, certificates, and verifying files. Understanding its syntax and key options enables secure and efficient network communication.
Similar Reads
ls Command in Linux The ls command is one of the most used commands in the Linux terminal to display the files and directories or path in the terminal. So, using the ls command is a basic skill for navigating the Linux file system, handling files, and managing directories.What is the ls Command in LinuxThe ls command i
10 min read
slocate command in Linux with Examples slocate command in Linux is used to find the files in your system. This is a secure version of the Linux command locate which is also used for file searching, similar to locate command it creates a database of the file locations for faster searching. But it is much more secure than locate command be
3 min read
Linux sftp command with Example In this article, we are going discuss about sftp. It is a protocol for securely transferring files from a remote server to a local machine. before SFTP, FTP was used to transfer files but it was unsecured. An attacker can read the communication between a remote server and a local machine. What is SF
5 min read
Basic Shell Commands in Linux: Complete List Anyone using Linux should become an expert in the essential shell commands, as they form the backbone of working with the Linux terminal. These commands enable you to navigate the system, manage files, handle processes, and configure settings effectively.The Linux shell serves as an interface for us
5 min read
readelf command in Linux with Examples When we compile source code, an object file is generated of the program and with the help of linker, this object files gets converted to a binary file which, only the machine can understand. This kind of file follows some structures one of which is ELF(Executable and Linkable Format). And to get the
4 min read