Few extra commands (openssl, certificates)

This is an addendum to https://mihail.stoynov.com/blog/2009/03/12/CertificatesKeystoresJavaKeytoolUtilityAndOpenssl.aspx 

Key file is a format that keeps the private key in unencrypted format. It does not keep the certificate.

Converting pem –> key

openssl rsa –in mycompany.pem –out mycompany.key

Check out a certificate (pem, key)

openssl x509 –in mycompany.pem -text –noout
openssl x509 –in mycompany.key -text –noout

Output the private key

openssl rsa –in mycompany.key
openssl rsa –in mycompany.pem

(if they’re the sam certificate, they output the same thing).

Output the private key in readable format

openssl rsa –in mycompany.key –text
openssl rsa –in mycompany.key –text –noout (omit the binary part)
openssl rsa –in mycompany.pem –text
openssl rsa –in mycompany.pem –text –noout (omit the binary part)


Launch small https server to test a certificate

# on one host, set up the server (using default port 4433)
openssl s_server -cert mycert.pem –www

Check the speeds to that server

# on second host (or even the same one), run s_time
openssl s_time -connect myhost:4433 -www / -new -ssl3

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.

This site uses Akismet to reduce spam. Learn how your comment data is processed.