Most Common OpenSSL Commands


Imagine that you need to send a message to your friend. But you don’t know where he is or what his contact detail is. You just know another man who has your friend’s contacts that can send your message to him.

Internet was designed in a way like we describe above. The data passes through multiple nodes in the network to reach its destination.  By the default data will be a text plain and insecure. Any nodes which you pass the message to get package to, can read these messages.

SSL and TLS are the protocols to reduce this risk. So only message owner can read message and also make sure that message sender is the true person that should be.

OpenSSL is a powerful toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.  Also it’s  a  free software that implements  SSL and TLS  protocols and  enables server to send data across  the internet with encrypted mode. To understand OpenSSL, you also need to understand its purpose.

The OpenSSL contains tools essential for the following tasks;

  • Generating private keys (RSA)
  • Generating Certificate Signing Request (CSRs)
  • Performing encryption/decryption
  • Manage and control encrypted file

Let’s have  a  look  some of  OpenSSL  Operations and  Features.

Generating  RSA , CSRs, CRT

  • Create a new private key and Certificate Signing Request (CSRs)

  • Generate a self-signed certificate (CRT)

  • Create a Certificate  Sigining  Request  with  existing  PEM file

  • Generate  a  Certificate  Signing  Request  with  an existing  Certificate (CSRs)

Check RSA , CSRs, CRT

  • Check  A CSR file

  • Check Private key

  • Check  Certificate file

  • Check PKCS#12 file (.pfx and .p12)

Debugging  Tools OpenSSL

  • Use MD5 to check  if  certificate, pem and csr are  matched

  • Check SSL  connection  certificate  information

Converting Use  OpenSSL

  • Convert DER  format  (.cer .crt .der) to PEM

  • Convert  PEM to  DER

  • Convert  PKCS#12(.pfx or  .p12) to PEM

Also you  have  two  options  to export  only private Key and also  only  certificate

  • Convert  PKCS#12(.pfx or  .p12) to PEM (only  export PEM)

  • Convert  PKCS#12(.pfx or  .p12) to CRT (only  export Certificate)

  • Convert  PEM and  CRT to  PKCS#12(.pfx, .p12)


Follow me


I'm a System Engineer with extensive experience and administration skills and works for Interbank Card Center Of Turkey.I provide hardware and software support for the following Unix/Linux and Windows platforms.(Oracle Solaris,HP-UX, Linux, IBM-AIX, Windows Servers)
Follow me
facebooktwittergoogle_pluslinkedinby feather