Table of Contents

SSL handling with openssl

Generate private key

Generate private key with a bit lenght of 2048. 2048 bits is minimum for this time of writing.

openssl genrsa -out <Filename of private key.key> 2048

Generate CSR

Generate CSR (Customer Signing request) using private key.

openssl req -new -key <Filename of private key.key> -out <Filename of CSR.csr>

Fill out questions when asked. CN is very important. Provide CSR to CA for signing.

List content of CSR

openssl req -noout -text -in <Filename of CSR.csr>

List content of signed certificate or intermediate certificate

openssl x509 -in <certificate filename.crt> -noout -text

List content of signed certificate or intermediate certificate in der format

openssl x509 -in <certificate filename.der> -inform der -text

List information about web site SSL certificate

openssl s_client -showcerts -connect <host to check>:443