Difference between revisions of "SSL"
From Leaky
| Line 1: | Line 1: | ||
| + | == Generate a new key == | ||
| + | |||
| + | openssl genrsa -out www.mydomain.com.key 2048 | ||
| + | |||
| + | == Generate a new CSR from a key == | ||
| + | |||
| + | openssl req -new -sha256 -key www.mydomain.com.key -out www.mydomain.com.csr | ||
| + | |||
| + | == Checking if a key/csr/cert are related to each other == | ||
| + | |||
To compare a key, CSR or certificate to check they're related (e.g the CSR from key and the certificate is the signed CSR), generate the modulus for each item and they should all be the same. | To compare a key, CSR or certificate to check they're related (e.g the CSR from key and the certificate is the signed CSR), generate the modulus for each item and they should all be the same. | ||
Revision as of 15:02, 14 November 2015
Generate a new key
openssl genrsa -out www.mydomain.com.key 2048
Generate a new CSR from a key
openssl req -new -sha256 -key www.mydomain.com.key -out www.mydomain.com.csr
To compare a key, CSR or certificate to check they're related (e.g the CSR from key and the certificate is the signed CSR), generate the modulus for each item and they should all be the same.
For a certificate:
openssl x509 -noout -modulus -in file.crt
For a CSR:
openssl req -noout -modulus -in file.csr
For a key (assuming RSA):
openssl rsa -noout -modulus -in file.key
The output for each one is (wrapped at 70 characters, normally all on one line):
Modulus=958F0B0961CF7F99155050CFD5DD2F3776085D560C0E4CACBACCEC6A73C38A C3DA64FE26C747AB08555522D77EE0505C69B73F7DCA064155C7EC0FADF3CC11920136 DDC53C5F9BBE8B5A2866F955AFFEBFA116D8CDC6EE81CFF3F8D337FEE1E6658E507CA3 7EEFC4D9BD7F679FEF0844A81A94C7CB09A52A6C3785BF2D604E2A5750D131C0C0192C E6B843BA318F08D3D0AD63837F67A6E226D9EC3E187BAA4767FD988E63DF4ED16721CF E8BC17F2BD19E8DF006D770EA5C58E894E4FA0D0B714C6AFF11F6EB821B3FE99E91E5F D9CD2019146DE7A2D264DC7FC8742E195A3A8E05EFB146C5C97FFE2815DB050E842EE8 1F1C9C52A5EC7362FFB8A14E97B199
