Generate a self-signed SSL cert

First, generate the key, with at least 2048 bits:

~ $ openssl genrsa -out server.key 2048

Second, generate the CSR using the above key:

~ $ openssl req -new -key server.key -out server.csr

Answer the questions:

Country Name (2 letter code) [AU]:GL
State or Province Name (full name) [Some-State]:Your state
Locality Name (eg, city) []:Your city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your company
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []
Email Address []

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Finally, sign the CSR with the key:

~ $ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

You can also do all the steps in a single command:

~ $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt

Extract info from an SSL cert

All info from a CSR file:

~ $ openssl req -noout -text -in server.csr

All info from a CRT file:

~ $ openssl x509 -noout -text -in server.crt

Expiration date:

~ $ openssl x509 -noout -dates -in server.crt

Verify the CSR file:

~ $ openssl req -verify -in server.csr

Verify the KEY:

~ $ openssl rsa -check -in server.key

Compare the MD5 of the modulus of the KEY, CSR and CRT to check that they match:

~ $ openssl rsa -noout -modulus -in server.key | openssl md5
~ $ openssl req -noout -modulus -in server.csr | openssl md5
~ $ openssl x509 -noout -modulus -in server.crt | openssl md5
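
The modulus comparison above, wrapped in a script that fails closed when a file cannot be read (an empty modulus would otherwise hash to the same value for every file). This is an added example, not part of the original page; it uses SHA-256 in place of MD5, and the file names, temporary directory and subject `/CN=test.example` are constructed placeholders.

```shell
#!/bin/sh
# Added example; file names and the subject are constructed placeholders.

# Print a SHA-256 digest of the RSA modulus.
# $1 = openssl subcommand (rsa | req | x509), $2 = file. Returns 2 on read failure.
modulus_digest() {
    mod=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$mod" ] || return 2
    printf '%s\n' "$mod" | openssl sha256
}

# Return 0 if key, CSR and certificate share one modulus, 1 on a mismatch,
# 2 if any file is missing or unparsable.
check_triplet() {
    k=$(modulus_digest rsa  "$1") || return 2
    r=$(modulus_digest req  "$2") || return 2
    c=$(modulus_digest x509 "$3") || return 2
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Build a throwaway key, CSR and self-signed certificate in directory $1.
make_triplet() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=test.example" \
        -out "$1/server.csr" &&
    openssl x509 -req -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_triplet "$tmp"
openssl genrsa -out "$tmp/other.key" 2048 2>/dev/null   # unrelated key

check_triplet "$tmp/server.key" "$tmp/server.csr" "$tmp/server.crt" \
    && echo "server.key: matches CSR and CRT"
check_triplet "$tmp/other.key" "$tmp/server.csr" "$tmp/server.crt" \
    || echo "other.key: does NOT match CSR and CRT"
```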

Extract the certificate info from an HTTPS server remotely:

~ $ openssl s_client -showcerts -connect www.example.com:443

Extract the certificate info from a secure SMTP server remotely:

~ $ openssl s_client -showcerts -connect mail.example.com:465