Useful Openssl Commands

Certificates

Create a self signed certificate with no password

This command will create a certificate and key with no password. This is useful for setting up SSL protected webservers for testing. 
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout hostcert.key -out hostcert.crt

Examine an x509 Certificate 

openssl x509 -in certificate.crt -text -noout

Test for Expired x509 Certificate 

openssl x509 -in certificate.crt -noout -checkend 0
check the return code:
  • 0 Valid
  • 1 Expired

Python ex: 

import subprocess
import os

cert = '/tmp/x509up_u%s' % os.getuid() 
code = subprocess.call("openssl x509 -in %s -noout -checkend 0" % cert)
if code:
    print "Expired"
else:
    print "Valid"

-- MattVliet - 2010-12-20

This topic: HEPrc > GeneralTipsAndTricks > UsefulOpenSSLCommands
Topic revision: r2 - 2011-01-25 - mvliet
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback