Skip to content

Instantly share code, notes, and snippets.

@Grobix

Grobix/ssl.md

Forked from mxlje/ssl.md
Last active August 29, 2015 14:26
Show Gist options
  • Save Grobix/e304b6b299660d2d70dd to your computer and use it in GitHub Desktop.
Save Grobix/e304b6b299660d2d70dd to your computer and use it in GitHub Desktop.
Download ZIP
SSL Certificate Commands
Raw
ssl.md

These commands are needed every time you want to generate a new certificate signing request to give to an authority in order for them to generate and sign a certificate for you.

I constantly forget how this stuff works so I collected the most important ones here for easy copy & paste.

There is good information available on https://www.h2check.org/deploy, and they also go into detail on HTTP/2.

Generate new private key

This is unencrypted and must be kept private.

$ openssl genrsa -out example.com.key 2048

Generate Certificate Signing Request (CSR) using the private key

$ openssl req -new -sha256 -key example.com.key -out example.com.csr

Single command

$ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

Check a CSR

This allows you to check the information enclosed in a CSR.

$ openssl req -noout -text -in example.com.csr

Diffie-Hellman paratemers

http://blog.ivanristic.com/2013/06/ssl-labs-deploying-forward-secrecy.html

$ openssl dhparam -out dhparam.pem 2048

Self signed cert

Use this to test SSL config on localhost but realize that these certs will not be trusted by browsers.

$ openssl req -x509 -newkey rsa:2048 -keyout example.com.key -out example.com.crt -days 365 -nodes

-nodes means that the private key will be unencrypted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment