OpenSSL, calculate SKI from public key in certificate

https://tools.ietf.org/html/rfc5280#section-4.2.1.2

Extract the public key from the certificate into a temporary file (the output is PEM-encoded, despite the .der file name)

openssl x509 -noout -in [cert-file] -pubkey > tmp.pub.der

Locate the offset of the "BIT STRING" that holds the key

openssl asn1parse -in tmp.pub.der

Extract the "clean" public key (19 is the BIT STRING offset found in the previous step)

openssl asn1parse -in tmp.pub.der -strparse 19 -out pub.der

Calculate the SHA-1 hash of the public key; this is the SKI

openssl dgst -c -sha1 pub.der

Tribute to xuf for http://certificateerror.blogspot.com/2011/02/how-to-validate-subject-key-identifier.html
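
The steps above combined into one script, as an added example that is not part of the original post: it looks up the BIT STRING offset instead of assuming 19, then compares the computed hash with the Subject Key Identifier stored in the certificate. The function names and the cert.pem path are chosen for this example.

```shell
#!/usr/bin/env bash
# Added example: SKI per RFC 5280 section 4.2.1.2 method 1 (SHA-1 of the
# subjectPublicKey BIT STRING contents). Function names are illustrative.

# Print the offset of the subjectPublicKey BIT STRING in a PEM public key.
bitstring_offset() {
    openssl asn1parse -in "$1" |
        awk -F: '/d=1 .*BIT STRING/ { gsub(/ /, "", $1); print $1; exit }'
}

# Print the SHA-1 (lowercase hex) of the BIT STRING contents.
ski_from_pubkey() {
    local off raw rc
    off=$(bitstring_offset "$1")
    [ -n "$off" ] || return 1
    raw=$(mktemp) || return 1
    openssl asn1parse -in "$1" -strparse "$off" -noout -out "$raw" &&
        openssl dgst -sha1 -r "$raw" | cut -d' ' -f1
    rc=$?
    rm -f "$raw"
    return "$rc"
}

# Print the SKI computed from the public key inside a PEM certificate.
ski_from_cert() {
    local spki rc
    spki=$(mktemp) || return 1
    openssl x509 -noout -pubkey -in "$1" > "$spki" && ski_from_pubkey "$spki"
    rc=$?
    rm -f "$spki"
    return "$rc"
}

# Print the stored SKI extension as lowercase hex without colons.
ski_in_cert() {
    openssl x509 -noout -text -in "$1" |
        awk '/Subject Key Identifier/ { getline; gsub(/[: \t]/, ""); print tolower($0); exit }'
}

# Usage: ./ski.sh cert.pem  (cert.pem is a placeholder path)
if [ "$#" -ge 1 ]; then
    computed=$(ski_from_cert "$1")
    stored=$(ski_in_cert "$1")
    echo "computed=$computed stored=$stored"
    if [ -n "$computed" ] && [ "$computed" = "$stored" ]; then
        echo "stored SKI is the SHA-1 of the public key"
    else
        echo "stored SKI differs (RFC 5280 permits other methods)"
    fi
fi
```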

Posted in PKI

OpenSSL, compare certificate vs. private key

To view the certificate modulus:

openssl x509 -noout -modulus -in [certificate-file.crt]

To view the key modulus:

openssl rsa -noout -modulus -in [key-file.key]

Command to compare certificate vs. private key (RSA only, since it compares the moduli)

$ certMod=$(openssl x509 -text -noout -modulus -in server.crt | grep "Modulus=") && \
	keyMod=$(openssl rsa -text -noout -modulus -in server.key | grep "Modulus=") && \
	[[ "$certMod" == "$keyMod" ]] && echo "Equal"

Tribute to Peter Mescalchin (magnetikonline) for the script above: https://gist.github.com/magnetikonline/fbdb26fcb34ca5038c03507cbdfdb534


OpenSSL – parse certificate and CRL files

Parse a certificate in binary (DER) format

openssl x509 -in certfile.cer -text -noout -inform der

Parse a CRL in binary (DER) format

openssl crl -in crlfile.crl -text -noout -inform der

Parse a PEM file with several certificates

openssl crl2pkcs7 -nocrl -certfile FILE.pem | \
openssl pkcs7 -print_certs

Java keytool

List certificates

keytool -list -keystore keystore.jks -v

keytool -list -keystore server.p12 -storetype PKCS12 -v

Convert from JKS to P12

keytool -importkeystore -srckeystore keystore.jks \
-srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12

Convert from P12 to JKS

keytool -importkeystore -srckeystore keystore.p12 \
-srcstoretype PKCS12 -deststoretype JKS -destkeystore keystore.jks

Import a root or intermediate CA certificate to an existing Java keystore

keytool -import -trustcacerts -alias rootCA -file CAcert.crt \
-keystore keystore.jks

OpenSSL, convert

Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEM file to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

You can add -nocerts to only output the private key or add -nokeys to only output the certificates. The -nodes option writes the private key to keyStore.pem unencrypted.

Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key \
-in certificate.crt -certfile CACert.crt

OpenSSL, s_client

Retrieve and parse certificate from server

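$ echo | openssl s_client -connect servername:443 \
| openssl x509 -noout -text

Connect and verify the server against a specific CA file (-ssl3 forces SSLv3, which RFC 7568 deprecates and which many current OpenSSL builds no longer support)

openssl s_client -CAfile ./CAcert.pem -connect servername:1636 -ssl3

Connect with a client certificate in DER format and its private key

openssl s_client -connect servername:1636 -cert clientcert.cer -certform DER -key clientkey.key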

Parse an ASN.1 sequence.

$ openssl asn1parse -inform DER -in sample.cer -dump