# Monday, May 18, 2009

Few extra commands (openssl, certificates)

This is an addendum to http://mihail.stoynov.com/blog/2009/03/12/CertificatesKeystoresJavaKeytoolUtilityAndOpenssl.aspx 

Key file is a format that keeps the private key in unencrypted format. It does not keep the certificate.

Converting pem –> key

openssl rsa –in mycompany.pem –out mycompany.key

Check out a certificate (pem, key)

openssl x509 –in mycompany.pem -text –noout
openssl x509 –in mycompany.key -text –noout

Output the private key

openssl rsa –in mycompany.key
openssl rsa –in mycompany.pem

(if they’re the sam certificate, they output the same thing).

Output the private key in readable format

openssl rsa –in mycompany.key –text
openssl rsa –in mycompany.key –text –noout (omit the binary part)
openssl rsa –in mycompany.pem –text
openssl rsa –in mycompany.pem –text –noout (omit the binary part)

Update:

Launch small https server to test a certificate

# on one host, set up the server (using default port 4433)
openssl s_server -cert mycert.pem –www

Check the speeds to that server

# on second host (or even the same one), run s_time
openssl s_time -connect myhost:4433 -www / -new -ssl3

Did you know
#    Comments [0] | Trackback
OpenID
Please login with either your OpenID above, or your details below.
Name
E-mail
(will show your gravatar icon)
Home page

Comment (Some html is allowed: a@href@title, blockquote@cite, strike) where the @ means "attribute." For example, you can use <a href="" title=""> or <blockquote cite="Scott">.  

Enter the code shown (prevents robots):
Live Comment Preview