tldr/pages/common/openssl.md

# openssl

> OpenSSL cryptographic toolkit.
> More information: <https://www.openssl.org>.

- Generate a 2048bit RSA private key and save it to a file:

`openssl genrsa -out {{filename.key}} 2048`

- Generate a certificate signing request to be sent to a certificate authority:

`openssl req -new -sha256 -key {{filename.key}} -out {{filename.csr}}`

- Generate a self-signed certificate from a certificate signing request valid for some number of days:

`openssl x509 -req -days {{days}} -in {{filename.csr}} -signkey {{filename.key}} -out {{filename.crt}}`

- Display certificate information:

`openssl x509 -in {{filename.crt}} -noout -text`

- Display a certificate's expiration date:

`openssl x509 -enddate -noout -in {{filename.pem}}`

- Display the start and expiry dates for a domain's certificate:

`openssl s_client -connect {{host}}:{{port}} 2>/dev/null | openssl x509 -noout -dates`

- Display the certificate presented by an SSL/TLS server:

`openssl s_client -connect {{host}}:{{port}} </dev/null`

- Display the complete certificate chain of an HTTPS server:

`openssl s_client -connect {{host}}:443 -showcerts </dev/null`
add tldr for openssl 2015-12-30 15:31:55 +00:00			`# openssl`

Shorten OpenSSL to 24 lines. Split keygen and csr to distinct examples. Standardize pathing. Remove commands which are just md5 verifying csr/key/csr. 2016-01-20 18:11:47 +00:00			`> OpenSSL cryptographic toolkit.`
openssl: add link to homepage 2019-06-04 10:00:15 +01:00			`> More information: <https://www.openssl.org>.`
add tldr for openssl 2015-12-30 15:31:55 +00:00
Shorten OpenSSL to 24 lines. Split keygen and csr to distinct examples. Standardize pathing. Remove commands which are just md5 verifying csr/key/csr. 2016-01-20 18:11:47 +00:00			`- Generate a 2048bit RSA private key and save it to a file:`
add tldr for openssl 2015-12-30 15:31:55 +00:00
Shorten OpenSSL to 24 lines. Split keygen and csr to distinct examples. Standardize pathing. Remove commands which are just md5 verifying csr/key/csr. 2016-01-20 18:11:47 +00:00			`openssl genrsa -out {{filename.key}} 2048`
add tldr for openssl 2015-12-30 15:31:55 +00:00
Shorten OpenSSL to 24 lines. Split keygen and csr to distinct examples. Standardize pathing. Remove commands which are just md5 verifying csr/key/csr. 2016-01-20 18:11:47 +00:00			`- Generate a certificate signing request to be sent to a certificate authority:`
add tldr for openssl 2015-12-30 15:31:55 +00:00
Shorten OpenSSL to 24 lines. Split keygen and csr to distinct examples. Standardize pathing. Remove commands which are just md5 verifying csr/key/csr. 2016-01-20 18:11:47 +00:00			`openssl req -new -sha256 -key {{filename.key}} -out {{filename.csr}}`
add tldr for openssl 2015-12-30 15:31:55 +00:00
Replace viewing a csr example with example for creating a self signed certificate. 2016-01-22 22:03:08 +00:00			`- Generate a self-signed certificate from a certificate signing request valid for some number of days:`
add tldr for openssl 2015-12-30 15:31:55 +00:00
Replace viewing a csr example with example for creating a self signed certificate. 2016-01-22 22:03:08 +00:00			`openssl x509 -req -days {{days}} -in {{filename.csr}} -signkey {{filename.key}} -out {{filename.crt}}`
one command code per description 2016-01-05 14:26:54 +00:00
openssl: Display certificate information (#1999) 2018-02-15 22:44:09 +00:00			`- Display certificate information:`

			`openssl x509 -in {{filename.crt}} -noout -text`

openssl: add certificate expiry checking (#2946) 2019-04-29 13:29:12 +01:00			`- Display a certificate's expiration date:`

			`openssl x509 -enddate -noout -in {{filename.pem}}`

openssl: display a domain's cert's start and end dates (#1486) 2017-09-14 19:56:37 +01:00			`- Display the start and expiry dates for a domain's certificate:`

			`openssl s_client -connect {{host}}:{{port}} 2>/dev/null \| openssl x509 -noout -dates`

Shorten OpenSSL to 24 lines. Split keygen and csr to distinct examples. Standardize pathing. Remove commands which are just md5 verifying csr/key/csr. 2016-01-20 18:11:47 +00:00			`- Display the certificate presented by an SSL/TLS server:`
one command code per description 2016-01-05 14:26:54 +00:00
Shorten OpenSSL to 24 lines. Split keygen and csr to distinct examples. Standardize pathing. Remove commands which are just md5 verifying csr/key/csr. 2016-01-20 18:11:47 +00:00			`openssl s_client -connect {{host}}:{{port}} </dev/null`
one command code per description 2016-01-05 14:26:54 +00:00
Shorten OpenSSL to 24 lines. Split keygen and csr to distinct examples. Standardize pathing. Remove commands which are just md5 verifying csr/key/csr. 2016-01-20 18:11:47 +00:00			`- Display the complete certificate chain of an HTTPS server:`
one command code per description 2016-01-05 14:26:54 +00:00
Consistent host variable. 2016-02-10 04:58:44 +00:00			`openssl s_client -connect {{host}}:443 -showcerts </dev/null`