Basic OpenSSL Commands

OpenSSL is an open-source implementation of the SSL protocol. It is widely used and it has different functions which allow you to check CSR, Certificate, and expiry. Let’s see some Basic Openssl Commands, which will be used in your daily life.

Basic OpenSSL Commands

Here are some basic open commands which will be useful when you are dealing with certificates or anything related to that.

  1. Decoding the certificate

This will decode the certificate and display some information about the certificate, like expiry date, issuer, etc.

$ openssl x509 -in certificate.crt -text -noout

2. Checking the expiry date

If don’t want to completely decode the certificate and just check the expiry date, you can use this handy command

$ cat certificate.crt | openssl x509 -noout -enddate

3. How to see if a Certificate and a Private Key match

Compare the output from both commands. If they are identical then the private key matches the certificate.

$ openssl pkey -in privateKey.key -pubout -outform pem | sha256sum
$ openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum 

4. Verifying SSL

This will verify the CSR certificate which you have created.

$ openssl req -noout -text -in justgeek.csr

5. Verify Private Key

There are some online tools to verify keys, but it’s not a great idea to verify keys using those tools. OpenSSL command would be the best way.

$ openssl rsa -in justgeek.key –check

6. Verifying Certificate file

This command will verify the certificate file.

$ openssl x509 -in certfile.pem -text –noout

7. Checking SSL Connections

This will output the website’s certificate, including any intermediate certificates

$ openssl s_client -connect https://www.server.com:443

Above are the most basic Openssl Commands. Do let me know if you want us to add more here on this page, so you can bookmark this page and keep it handy 🙂

SSL is part of the security, here you can refer to more security-related posts. Also, you can read more about SSL here

Leave a Comment