How Do I See What Files I Uploaded Vital Check
OpenSSL is an open-source command-line tool that is commonly used to generate private keys, create CSRs, install an SSL/TLS certificate, and inspect certificate information. This quick reference can help us understand the most common OpenSSL commands and how to use them.
How to get an SSL Certificate
- generate a key pair
- use this key pair to generate a certificate signing request (CSR) that contains the public key and domain name of our website
- upload the request to a certificate authority or generate a self-signed certificate
- download the certificate and install it on our web server along with the key pair
Generate Private Key and CSR
We can use the following two commands to generate a private key and CSR.
- openssl genrsa -out privateKey.key 2048
- openssl req -new -key privateKey.key -out CSR.csr
Then we need to enter the following information to generate the CSR.
- Country Name: 2-digit country code where our organization is legally located.
- State/Province: Write the full name of the state where the organization is legally located.
- City: Write the full name of the city where our organization is legally located.
- Organization Name: Write the legal name of our organization.
- Organization Unit: Name of the department
- Common Name: Fully Qualified Domain Name
Generate private key and CSR with one command
We can also use the following command to generate the CSR and private key in a single shot. The -nodes option writes the private key to disk unencrypted, so restrict access to that file.
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key -subj "/C=US/ST=Florida/L=Saint Petersburg/O=Your Company, Inc./OU=IT/CN=yourdomain.com"
Generate a self-signed certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
Purpose of CSR file, key file and certificate file
We should use the CSR file to request our SSL certificate from a Certificate Authority. Make sure we copy the entire text.
certificate.crt and intermediate.crt should be concatenated into a certificate file bundle and stored on the server. privateKey.key should also be stored on the server.
root.crt should be stored on the client so the client can verify that the server's leaf certificate was signed by a chain of certificates linked to its trusted root certificate.
Check SSL certificate with OpenSSL Command
- Check private key info: openssl rsa -text -in privateKey.key -noout
- Check CSR info: openssl req -text -in CSR.csr -noout
- View SSL certificate info: openssl x509 -text -in certificate.crt -noout
Example:
openssl x509 -in hydssl.cer -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:01:6e:fb:0a:20:5c:fa:eb:e1:8f:71:d7:3a:bb:78
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA
        Validity
            Not Before: Dec 12 16:56:15 2019 GMT
            Not After : Dec 12 16:56:15 2029 GMT
        Subject: C=US, O=IdenTrust, OU=HydrantID Trusted Certificate Service, CN=HydrantID Server CA O1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ea:1b:99:6c:35:56:xxx:68:fb:5d:b1:59:41:69:
Check who has issued the SSL certificate:
$ echo | openssl s_client -servername howtouselinux.com -connect howtouselinux.com:443 2>/dev/null | openssl x509 -noout -issuer
issuer= /C=US/O=Let's Encrypt/CN=R3
Check whom the SSL certificate is issued to:
$ echo | openssl s_client -servername howtouselinux.com -connect howtouselinux.com:443 2>/dev/null | openssl x509 -noout -subject
subject= /CN=www.howtouselinux.com
Check for what dates the SSL certificate is valid:
$ echo | openssl s_client -servername howtouselinux.com -connect howtouselinux.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Aug 8 04:49:59 2021 GMT
notAfter=Nov 6 04:49:57 2021 GMT
Show all of the above information about the SSL certificate:
$ echo | openssl s_client -servername howtouselinux.com -connect howtouselinux.com:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
issuer= /C=US/O=Let's Encrypt/CN=R3
subject= /CN=howtouselinux.com
notBefore=Aug 8 04:49:59 2021 GMT
notAfter=Nov 6 04:49:57 2021 GMT
Show the SHA1 fingerprint of the SSL certificate:
$ echo | openssl s_client -servername www.howtouselinux.com -connect www.howtouselinux.com:443 2>/dev/null | openssl x509 -noout -fingerprint
SHA1 Fingerprint=52:DA:6A:D5:81:A8:6C:20:6A:16:EE:2E:A2:19:7A:C6:E7:A2:3E:87
Extract all data from the SSL certificate (decoded):
$ echo | openssl s_client -servername www.howtouselinux.com -connect www.howtouselinux.com:443 2>/dev/null | openssl x509 -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:86:f4:63:3d:34:50:a8:47:cc:f7:99:10:1f:79:1c:21:c8
Signature Algorithm: sha256WithRSAEncryption
[…]
Show the SSL certificate itself (encoded):
$ echo | openssl s_client -servername howtouselinux.com -connect howtouselinux.com:443 2>/dev/null | openssl x509
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISA4b0Yz00UKhHzPeZEB95HCHIMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzAzMTgxMDU1MDBaFw0x
[…]
Check SSL Certificate expiration date
- openssl s_client -servername SERVER_NAME -connect SERVER_NAME:PORT | openssl x509 -noout -dates
- echo | openssl s_client -servername SERVER_NAME -connect SERVER_NAME:PORT | openssl x509 -noout -dates
- openssl x509 -enddate -noout -in /path/to/my/my.pem
Example:
openssl x509 -dates -noout -in hydssl.cer
notBefore=Dec 12 16:56:15 2019 GMT
notAfter=Dec 12 16:56:15 2029 GMT
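The date check above can be turned into a pass/fail test for monitoring. The following script is an added example, not part of the original article; it uses the `-checkend` option of `openssl x509`, and the function names, the 30-day default window and the throwaway certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names and the 30-day default are assumptions.

# Print "ok", "expiring", "expired" or "unreadable" for a PEM certificate.
# $1 = certificate path, $2 = warning window in days (default 30)
cert_status() {
    window=$(( ${2:-30} * 86400 ))
    if ! openssl x509 -noout -in "$1" >/dev/null 2>&1; then
        echo "unreadable"; return 2
    fi
    # -checkend N exits non-zero if notAfter falls within the next N seconds.
    if ! openssl x509 -checkend 0 -noout -in "$1" >/dev/null; then
        echo "expired"; return 1
    fi
    if ! openssl x509 -checkend "$window" -noout -in "$1" >/dev/null; then
        echo "expiring"; return 1
    fi
    echo "ok"
}

# Constructed sample: a throwaway self-signed certificate valid for 365 days.
make_sample_cert() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=example.test" -keyout "$dir/privateKey.key" \
        -out "$dir/certificate.crt" >/dev/null 2>&1 || return 1
    echo "$dir/certificate.crt"
}

crt=$(make_sample_cert) && {
    echo "30-day window:  $(cert_status "$crt" 30)"
    echo "400-day window: $(cert_status "$crt" 400)"
    rm -rf "$(dirname "$crt")"
}
```

The non-zero return code for anything other than "ok" lets a cron job or CI step fail on a certificate that is close to expiry.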
Verify the Keys Match
To verify the public and private keys match, extract the public key from each file and generate a hash output for it. All three files should share the same public key and the same hash value.
Use the following commands to generate a hash of each file's public key:
- openssl pkey -pubout -in privateKey.key | openssl sha256
- openssl req -pubkey -in CSR.csr -noout | openssl sha256
- openssl x509 -pubkey -in certificate.crt -noout | openssl sha256
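The three commands above can be combined into a single comparison. The following script is an added example, not part of the original article; the function names and the demo files (a matching key, CSR and certificate plus one unrelated key) are constructed for illustration. It also guards against one pitfall of the piped form: if a file cannot be read, `openssl sha256` would hash empty input, and two unreadable files would appear to match.

```shell
#!/bin/sh
# Added example. Function names and demo file names are assumptions.

# Print the SHA-256 of the public key in a file. $1 = key|csr|cert, $2 = path
pubkey_hash() {
    case "$1" in
        key)  pem=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -pubkey -noout -in "$2" 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -pubkey -noout -in "$2" 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    # An unreadable file must fail here rather than hash as empty input.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

# Return 0 only if key ($1), CSR ($2) and certificate ($3) share one public key.
keys_match() {
    k=$(pubkey_hash key "$1")  || return 2
    r=$(pubkey_hash csr "$2")  || return 2
    c=$(pubkey_hash cert "$3") || return 2
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Constructed demo material: matching key/CSR/certificate and an unrelated key.
make_demo() {
    d=$(mktemp -d) || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$d/privateKey.key" -out "$d/CSR.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -sha256 -days 1 -in "$d/CSR.csr" \
        -signkey "$d/privateKey.key" -out "$d/certificate.crt" >/dev/null 2>&1 || return 1
    openssl genrsa -out "$d/other.key" 2048 >/dev/null 2>&1 || return 1
    echo "$d"
}

demo=$(make_demo) && {
    keys_match "$demo/privateKey.key" "$demo/CSR.csr" "$demo/certificate.crt" \
        && echo "privateKey.key: match"
    keys_match "$demo/other.key" "$demo/CSR.csr" "$demo/certificate.crt" \
        || echo "other.key: MISMATCH"
    rm -rf "$demo"
}
```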
Source: https://www.howtouselinux.com/post/openssl-command-to-generate-view-check-certificate