Uly.me

cloud engineer

  • Home
  • About
  • Archives
Home/Archives for openssl

October 19, 2020

OpenSSL Upgrade

Here’s how to upgrade to OpenSSL 1.1 on Redhat/Centos.

# check
openssl version
yum info openssl
# download and install
cd /usr/local/src
wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
tar -zxf openssl-1.0.2-latest.tar.gz
# compile
cd openssl-1.0.2a
./config
make
make test
make install
# update softlink
mv /usr/bin/openssl /root/
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# verify new version
openssl version

# check openssl version yum info openssl # download and install cd /usr/local/src wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz tar -zxf openssl-1.0.2-latest.tar.gz # compile cd openssl-1.0.2a ./config make make test make install # update softlink mv /usr/bin/openssl /root/ ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl # verify new version openssl version

April 22, 2020

PFX to PEM

Here’s how to convert SSL certificate from PFX to PEM format.

#!/bin/bash
 
echo "This script converts SSL certificates from PFX to PEM."
read -p 'Enter PFX Certificate Name  : ' cert_pfx
read -p 'Enter the Import Passphrase : ' import_passphrase
 
openssl pkcs12 -in $cert_pfx -nocerts -out cert-key.pem -passin pass:$import_passphrase -passout pass:$import_passphrase
openssl pkcs12 -in $cert_pfx -clcerts -nokeys -out cert-body.pem -passin pass:$import_passphrase -passout pass:$import_passphrase
openssl pkcs12 -in $cert_pfx -nodes -nokeys -out cert-chain.pem -passin pass:$import_passphrase -passout pass:$import_passphrase
sleep 3
openssl rsa -in key.pem -out cert-private.key -passin pass:$import_passphrase -passout pass:$import_passphrase

#!/bin/bash echo "This script converts SSL certificates from PFX to PEM." read -p 'Enter PFX Certificate Name : ' cert_pfx read -p 'Enter the Import Passphrase : ' import_passphrase openssl pkcs12 -in $cert_pfx -nocerts -out cert-key.pem -passin pass:$import_passphrase -passout pass:$import_passphrase openssl pkcs12 -in $cert_pfx -clcerts -nokeys -out cert-body.pem -passin pass:$import_passphrase -passout pass:$import_passphrase openssl pkcs12 -in $cert_pfx -nodes -nokeys -out cert-chain.pem -passin pass:$import_passphrase -passout pass:$import_passphrase sleep 3 openssl rsa -in key.pem -out cert-private.key -passin pass:$import_passphrase -passout pass:$import_passphrase

This was covered in an earlier post, but this script prompts you for the passphrase.

Here’s the expected output.

  • cert-key.pem
  • cert-body.pem
  • cert-chain.pem
  • cert-private.key

October 30, 2018

SSL Expiry

It’s not always clear how to find out when your SSL certificate is expiring. Openssl should be able to tell you.

$ openssl x509 -enddate -noout -in certificate.crt

$ openssl x509 -enddate -noout -in certificate.crt

  • Cloud
  • Linux
  • Git

Copyright © 2012–2021