Given below is a set of commands for generating CSRs, certificates and private keys.
Generate a Certificate Signing Request (CSR) and new private key (-nodes writes the key unencrypted, so restrict access to the .key file)
#openssl req -out maddy-CSR.csr -new -newkey rsa:2048 -nodes -keyout maddy-privateKey.key
Generate a self-signed certificate
#openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout maddy-privateKey.key -out maddy-certificate.crt
Create CSR based on an existing private key
#openssl req -out CSR.csr -key maddy-privateKey.key -new
Create CSR based on an existing certificate
#openssl x509 -x509toreq -in maddy-certificate.crt -out maddy-CSR.csr -signkey maddy-privateKey.key
Passphrase removal from a private key (the output key is stored unencrypted; restrict its file permissions)
#openssl rsa -in privateKey.pem -out newPrivateKey.pem
Verifying Certificate Signing Request (CSR)
#openssl req -text -noout -verify -in maddy-CSR.csr
Verifying Private Key
#openssl rsa -in maddy-privateKey.key -check
Verifying SSL Certificate (prints the certificate contents for inspection)
#openssl x509 -in maddy-certificate.crt -text -noout
Verifying PKCS#12 File (.pfx or .p12)
#openssl pkcs12 -info -in keyStore.p12
Converting DER (.cer, .der) to PEM
#openssl x509 -inform der -in maddy-certificate.cer -out maddy-certificate.pem
Converting PEM to DER
#openssl x509 -outform der -in maddy-certificate.pem -out maddy-certificate.der
Converting PKCS #12 File (.pfx, .p12) to PEM (with -nodes the private key in the output PEM is not encrypted)
#openssl pkcs12 -in maddy-keystore.pfx -out maddy-keystore.pem -nodes
Converting the PEM Certificate to PKCS #12 (.pfx, .p12)
#openssl pkcs12 -export -out maddy-certificate.pfx -inkey maddy-privatekey.key -in maddy-certificate.crt -certfile maddy-CACert.crt
Checking an SSL connection (shows the certificate chain as verified; add -showcerts to print every certificate the server sends)
#openssl s_client -connect www.itmaddy.in:443
CONNECTED(00000004)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = AT, O = ZeroSSL, CN = ZeroSSL RSA Domain Secure Site CA
verify return:1
depth=0 CN = itmaddy.in
………..
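To check the MD5 hash of the public key modulus
Ensure that the certificate, the private key and the CSR belong together: all three commands below must print the same hash. MD5 is used here only as a quick comparison of the modulus, not as a security control.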
openssl x509 -noout -modulus -in maddy-certificate.crt | openssl md5
openssl rsa -noout -modulus -in maddy-privateKey.key | openssl md5
openssl req -noout -modulus -in maddy-CSR.csr | openssl md5
Importing the root or intermediate CA certificate
#keytool -import -trustcacerts -alias root -file maddy.crt -keystore maddy-keystore.jks
Importing the signed primary certificate
#keytool -import -trustcacerts -alias mydomain -file maddy-mydomain.crt -keystore maddy-keystore.jks
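Generating the keystore and self-signed certificate (replace the sample "password"; if -storepass is omitted, keytool prompts for it instead of leaving it in shell history)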
#keytool -genkey -keyalg RSA -alias selfsigned -keystore maddy-keystore.jks -storepass password -validity 360 -keysize 2048
Generating the Key Pair & Java Keystore
#keytool -genkey -alias mydomainname -keyalg RSA -keystore maddy-keystore.jks -keysize 2048
Generate CSR for existing Java Keystore
#keytool -certreq -alias mydomainname -keystore keystore.jks -file maddy-mydomain.csr
Check an individual certificate
#keytool -printcert -v -file maddy-mydomain.crt
Checking the certificates in Java keystore
#keytool -list -v -keystore maddy-keystore.jks
Deleting the certificate from Java Keystore
#keytool -delete -alias mydomainname -keystore maddy-keystore.jks
Changing the password in Java keystore
#keytool -storepasswd -new new_storepass -keystore maddy-keystore.jks
Export the certificate from Java keystore
#keytool -export -alias mydomainname -file maddy-mydomain.crt -keystore maddy-keystore.jks
Listing the trusted CA Certificates (on Java 9 and later the file is $JAVA_HOME/lib/security/cacerts)
#keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
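Import the new CA into Trusted Certs (confirm the CA certificate's fingerprint first; applications using this truststore will trust every certificate that CA issues)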
#keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts