OpenSSL

OpenSSL Cheat Sheet - a quick reference guide covering common syntax, commands and practices.


Private Key

Print out the private key details

```bash
openssl rsa -check -text -in privateKey.key
```

Print out the hashes of the private key

```bash
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl sha1
openssl rsa -noout -modulus -in privateKey.key | openssl sha256
openssl rsa -noout -modulus -in privateKey.key | openssl sha512
```

Change password

```bash
openssl rsa -aes256 -in privateKey.key -out newPrivateKey.key
```

List available elliptic curves

```bash
openssl ecparam -list_curves
```

Create elliptic curve private key with a specific curve

```bash
openssl ecparam -name secp521r1 -genkey -noout -out privateKey.key
```

Certificate

Print out the hashes of the certificate

```bash
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl x509 -noout -modulus -in certificate.crt | openssl sha1
openssl x509 -noout -modulus -in certificate.crt | openssl sha256
openssl x509 -noout -modulus -in certificate.crt | openssl sha512
```

Or, alternatively:

```bash
openssl x509 -noout -fingerprint -in certificate.crt
openssl x509 -noout -fingerprint -sha256 -in certificate.crt
```
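
The modulus hashes of a key and a certificate are usually compared to confirm that the two belong together, but a modulus exists only for RSA keys. As an added example (not part of the original cheat sheet), this script compares the public keys instead, which also covers EC keys such as the secp521r1 key shown above; the function names and generated files are constructed for the demo.

```bash
#!/bin/sh
# Added example (not from the original page): does this private key belong to
# this certificate? Compares SHA-256 digests of the public key each one carries,
# so it works for RSA and EC keys alike.

# Print the SHA-256 of the public key derived from private key file $1.
pubkey_digest_of_key() {
    pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Print the SHA-256 of the public key embedded in certificate file $1.
pubkey_digest_of_cert() {
    pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit status: 0 = match, 1 = mismatch, 2 = a file could not be parsed.
key_matches_cert() {
    k=$(pubkey_digest_of_key "$1") || return 2
    c=$(pubkey_digest_of_cert "$2") || return 2
    [ "$k" = "$c" ]
}

# Constructed demo input: two throwaway EC keys on secp521r1 (the curve used on
# this page) and a self-signed certificate for the first key only.
make_demo_files() {
    DEMO=$(mktemp -d)
    openssl ecparam -name secp521r1 -genkey -noout -out "$DEMO/a.key"
    openssl ecparam -name secp521r1 -genkey -noout -out "$DEMO/b.key"
    openssl req -new -x509 -key "$DEMO/a.key" -subj "/CN=constructed.example" \
        -days 1 -out "$DEMO/a.crt" 2>/dev/null
}

make_demo_files
key_matches_cert "$DEMO/a.key" "$DEMO/a.crt" && echo "a.key matches a.crt"
key_matches_cert "$DEMO/b.key" "$DEMO/a.crt" || echo "b.key does not match a.crt"
rm -rf "$DEMO"
```
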

Print out the content of the certificates

```bash
openssl x509 -in certificate.crt -noout -text|more
```

Print out specific fields of the certificates

```bash
openssl x509 -noout -subject -in certificate.crt
openssl x509 -noout -issuer -in certificate.crt
openssl x509 -noout -dates -in certificate.crt
```

Inspect server certificates

```bash
echo | openssl s_client -servername www.openssl.org -connect \
www.openssl.org:443 2>/dev/null | openssl x509 -noout -text|more
echo | openssl s_client -servername imap.arcor.de -connect \
imap.arcor.de:993 2>/dev/null | openssl x509 -noout -text|more
```

Verify certificates

OK

```bash
openssl verify -verbose -x509_strict -CAfile \
issuer.crt Test\ Haeschen\ 1.crt
```

Result:

```
Test Haeschen 1.crt: OK
```

Corrupted (for example)

```bash
openssl verify -verbose -x509_strict -CAfile \
issuer.crt Test\ Haeschen\ 1_corrupted.crt
```

Result:

```
C = DE, ST = Thueringen, L = Rudolstadt, O = Damaschkestr. 11, OU = Arbeitszimmer, CN = Test Haeschen 1
error 7 at 0 depth lookup: certificate signature failure
error Test Haeschen 1_corrupted.crt: verification failed
40270500477F0000:error:0200008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding:../crypto/rsa/rsa_pk1.c:75:
40270500477F0000:error:02000072:rsa routines:rsa_ossl_public_decrypt:padding check failed:../crypto/rsa/rsa_ossl.c:598:
40270500477F0000:error:1C880004:Provider routines:rsa_verify:RSA lib:../providers/implementations/signature/rsa_sig.c:774:
40270500477F0000:error:06880006:asn1 encoding routines:ASN1_item_verify_ctx:EVP lib:../crypto/asn1/a_verify.c:217:
```

S/Mime

Create signature

```bash
openssl smime -sign -in msg.txt -text -out msg.p7s \
-signer certificate.crt -inkey privateKey.key
```

Verify signature

```bash
openssl smime -verify -in msg.p7s -CAfile chain.pem
```

CRL

Print out the contents of the CRL

```bash
openssl crl -inform DER -noout -text -in crl/cacrl.der
openssl crl -inform PEM -noout -text -in crl/cacrl.pem
```

PKCS#12

Display contents

```bash
openssl pkcs12 -info -in digitalIdentity.p12
```

Create from certificate and private key

```bash
openssl pkcs12 -export -in certificate.cert \
-inkey privateKey.key -out digitalIdentity.p12
```

Extract private key

```bash
openssl pkcs12 -in digitalIdentity.p12 -nocerts -out privateKey.key
```

Convert to PEM

```bash
openssl pkcs12 -in digitalIdentity.p12 -out digitalIdentity.pem
```

TSA

Display query

```bash
openssl ts -query -in query.tsq -text
```

Display reply

```bash
openssl ts -reply -in reply.tsr -text
```

Verify reply

```bash
openssl ts -verify -in reply.tsr -data data.dat -CAfile chain.pem
```

Extract token from reply

```bash
openssl ts -reply -in reply.tsr -token_out -out token.tk
```

Extract certificates from token

```bash
openssl pkcs7 -inform DER -in token.tk -print_certs -noout -text
```

CSR

Create from existing key

```bash
openssl req -new -key privateKey.key -out my.csr
```

This can of course be an RSA key or one based on an elliptic curve. Available curves can be listed using

```bash
openssl ecparam -list_curves
```

Afterwards you choose one of the curves and create a private key like so:

```bash
openssl ecparam -name secp521r1 -genkey -noout \
-out privateKey.key
```

Display

```bash
openssl req -in my.csr -noout -text
```

HTTPS

Dump Certificates PEM encoded

```bash
openssl s_client -showcerts -connect www.example.com:443
```

STARTTLS

Dump Certificates PEM encoded

```bash
openssl s_client -showcerts -starttls imap \
-connect mail.domain.com:143
```

S/MIME verification

Possible outcomes

Message was tampered with (return code 4):

```
Verification failure
140485684135232:error:2E09A09E:CMS routines:CMS_SignerInfo_verify_content:verification failure:../crypto/cms/cms_sd.c:847:
140485684135232:error:2E09D06D:CMS routines:CMS_verify:content verify error:../crypto/cms/cms_smime.c:393:
```

Message signature not trusted (return code 4):

```
Verification failure
140146111432000:error:2E099064:CMS routines:cms_signerinfo_verify_cert:certificate verify error:../crypto/cms/cms_smime.c:252:Verify error:unable to get local issuer certificate
```

Message not signed (return code 2):

```
Error reading S/MIME message
140701208487232:error:0D0D40CD:asn1 encoding routines:SMIME_read_ASN1:invalid mime type:../crypto/asn1/asn_mime.c:469:type: multipart/alternative
```

Validation successful (return code 0):

```
Verification successful
```

Verify the validity of an email message

```bash
openssl cms -verify -in some_email_message.eml
```

Verify the validity of an email message explicitly specifying trust

```bash
openssl cms -verify -in some_email_message \
-CAfile trust_anchor-crt
```

Signed and encrypted messages need to be decrypted first:

Note: the P12 file holding the digital identity must be pem-encoded! (see above)

```bash
openssl cms -decrypt -out decrypted_email_message \
-inkey p12.pem -in some_encrypted_email_message
```
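
Two of the outcomes listed under "Possible outcomes" share return code 4, so a script that automates the check has to read the error text as well. As an added example (not part of the original cheat sheet), this script classifies a message into those four outcomes; the function names, outcome labels and demo messages are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original page): turn `openssl cms -verify` results
# into the four outcomes listed above, using the exit code plus the error text.

# classify_smime MESSAGE CAFILE -> prints valid | untrusted | tampered | not-signed
classify_smime() {
    err=$(openssl cms -verify -in "$1" -CAfile "$2" -out /dev/null 2>&1) \
        && rc=0 || rc=$?
    case $rc in
        0) echo valid ;;
        4) # Both failure kinds exit 4; only the error text tells them apart.
           case $err in
               *"certificate verify error"*) echo untrusted ;;
               *) echo tampered ;;
           esac ;;
        2|3) echo not-signed ;;   # 2 as shown on this page; 3 = MIME read error
        *) echo "error-$rc" ;;
    esac
}

# Constructed demo input: throwaway keys, self-signed certificates, and messages.
make_demo_mail() {
    D=$(mktemp -d)
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$n.constructed.example" \
            -keyout "$D/$n.key" -out "$D/$n.crt" 2>/dev/null
    done
    printf 'pay 10 to alice\n' > "$D/msg.txt"
    openssl cms -sign -in "$D/msg.txt" -text -out "$D/signed.eml" \
        -signer "$D/a.crt" -inkey "$D/a.key" 2>/dev/null
    sed 's/pay 10 to alice/pay 99 to alice/' "$D/signed.eml" > "$D/tampered.eml"
    printf 'Content-Type: text/plain\n\nnot signed\n' > "$D/plain.eml"
}

make_demo_mail
echo "signed, signer trusted:   $(classify_smime "$D/signed.eml" "$D/a.crt")"
echo "signed, other anchor:     $(classify_smime "$D/signed.eml" "$D/b.crt")"
echo "body edited after sign:   $(classify_smime "$D/tampered.eml" "$D/a.crt")"
echo "plain, unsigned message:  $(classify_smime "$D/plain.eml" "$D/a.crt")"
rm -rf "$D"
```

Certificate trust is checked before the content digest, so a message that is both untrusted and modified is reported as untrusted.
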

Raw

See the raw structure of an ASN.1 file (only for DER encoded files)

```bash
openssl asn1parse -in mysterious_file.pem
```

With a bit more detail

```bash
openssl asn1parse -dump -strictpem -in mysterious_file.pem
```

Some resources with useful OpenSSL commands
