Working With Certificates and OpenSSL

In 2018 SSL is a fact of life everywhere. Below are a couple of common useful tips:


Generating a CSR and key from a bash script:


#!/bin/bash
#Written By
#Last Modified April 20, 2016
#Auto-Generate CSR and Key file for SHA-256 SSL Certs

#Required Site Info (taken from the first argument)
sitename="$1"

#Check for Site Name, If missing error output will be displayed
if [ -z "$sitename" ]
then
	echo "Error! No site name provided, please provide a sitename after typing ex:"
	exit 99
fi

#Keep the new private key readable only by its owner
umask 077

#Generate CSR and Key (stop here if openssl fails)
openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout "$HOME/$sitename.key" -out "$HOME/$sitename.csr" || exit 1

#Show CSR to copy and Paste
echo "Your request completed successfully, copy the CSR below and use a certificate provider to generate an SSL certificate from this CSR"
cat "$HOME/$sitename.csr"

Comparing a newly issued crt to its keyfile to ensure they match (yoursite.crt and yoursite.key are placeholders for your own files):

openssl x509 -noout -modulus -in yoursite.crt | openssl md5
openssl rsa -noout -modulus -in yoursite.key | openssl md5

Both commands should print the same MD5 string; if the values do not match, you have a cert/key mismatch.
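
The modulus comparison above only applies to RSA keys. As an added example (not part of the original post), the script below compares the public key in the certificate with the public key derived from the key file, which also covers EC keys. The function names, file names and the example.test sample certificates are assumptions made for illustration, and the key is assumed to be unencrypted PEM.

```bash
#!/bin/bash
# Added example (not from the original post): cert/key match check that
# compares public keys, so it also works for EC keys, which have no modulus.
# Assumes unencrypted PEM files, like the key the CSR script above creates.

# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Builds constructed sample material in directory $1: a self-signed RSA
# pair and a self-signed EC pair (CN=example.test, valid for 1 day).
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=example.test" \
        -keyout "$1/rsa.key" -out "$1/rsa.crt" 2>/dev/null || return 1
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$1/ec.key" 2>/dev/null || return 1
    openssl req -x509 -new -key "$1/ec.key" -sha256 -days 1 \
        -subj "/CN=example.test" -out "$1/ec.crt" 2>/dev/null
}

# Usage: ./checkpair.sh yoursite.crt yoursite.key
if [ "$#" -eq 2 ]; then
    cert_matches_key "$1" "$2"; rc=$?
    case $rc in
        0) echo "OK: certificate and key match" ;;
        1) echo "MISMATCH: certificate was not issued for this key" ;;
        *) echo "ERROR: could not read certificate or key" ;;
    esac
    exit "$rc"
fi
```

Treating an unreadable file as its own result (2) matters: hashing the output of a failed openssl command on both sides would otherwise produce two identical digests of empty input and report a false match.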

Converting crt and key to pfx (again with placeholder file names):

openssl pkcs12 -export -out yoursite.pfx -inkey yoursite.key -in yoursite.crt
