openssl

OpenSSL Upgrade

by Ulysses · Oct 19, 2020

Here’s how to upgrade to OpenSSL 1.1 on Redhat/Centos.

# check
openssl version
yum info openssl
# download and install
cd /usr/local/src
wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
tar -zxf openssl-1.0.2-latest.tar.gz
# compile
cd openssl-1.0.2a
./config
make
make test
make install
# update softlink
mv /usr/bin/openssl /root/
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# verify new version
openssl version

PFX to PEM

by Ulysses · Apr 22, 2020

Here’s how to convert SSL certificate from PFX to PEM format.

#!/bin/bash
 
echo "This script converts SSL certificates from PFX to PEM."
read -p 'Enter PFX Certificate Name  : ' cert_pfx
read -p 'Enter the Import Passphrase : ' import_passphrase
 
openssl pkcs12 -in $cert_pfx -nocerts -out cert-key.pem -passin pass:$import_passphrase -passout pass:$import_passphrase
openssl pkcs12 -in $cert_pfx -clcerts -nokeys -out cert-body.pem -passin pass:$import_passphrase -passout pass:$import_passphrase
openssl pkcs12 -in $cert_pfx -nodes -nokeys -out cert-chain.pem -passin pass:$import_passphrase -passout pass:$import_passphrase
sleep 3
openssl rsa -in key.pem -out cert-private.key -passin pass:$import_passphrase -passout pass:$import_passphrase

This was covered in an earlier post, but this script prompts you for the passphrase.

Here’s the expected output.

cert-key.pem
cert-body.pem
cert-chain.pem
cert-private.key

SSL Expiry

by Ulysses · Oct 30, 2018

It’s not always clear how to find out when your SSL certificate is expiring. Openssl should be able to tell you.

$ openssl x509 -enddate -noout -in certificate.crt