littlecxm · March 1, 2023 09:50 · Feb 22, 2023 · Dec 17, 2022 · Dec 17, 2022 · Dec 24, 2020
diff --git a/openssl_commands.md b/openssl_commands.md
@@ -151,4 +151,17 @@ Decrypt files with rsautl
 
 ```sh
 openssl rsautl -decrypt -in encrypted.txt -out plaintext.txt -inkey privkey.pem
+```
+
+### Exporting
+
+Extracting Public Key from Private Key
+```
+openssl rsa -in privkey.pem -pubout > key.pub
+```
+
+Extracting Public Key from Certificate
+```
+openssl x509 -pubkey -noout -in cert.pem  > pubkey.pem
+
 ```
diff --git a/openssl_commands.md b/openssl_commands.md
@@ -46,6 +46,17 @@ Generate a Diffie Hellman key
 openssl dhparam -out dhparam.pem 2048
 ```
 
+Generate a v3 certificate by signing CSR
+```sh
+openssl x509 -days 365 -in myCSR.csr -extfile v3.ext -CA myCA.crt -CAkey myCA.key -CAcreateserial -out userCertificate.crt
+```
+See below for an example `v3.ext` file
+```text
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+```
+
 ### Checking
 Check a certificate signing request (CSR)
 

diff --git a/openssl_commands.md b/openssl_commands.md
@@ -1,103 +1,84 @@
-# openssl 🔐
+# OpenSSL 🔐
 
-
-### Install
+## Install
 
 Install the OpenSSL on Debian based systems
 
 ```sh
 sudo apt-get install openssl
 ```
 
-
-### Commands
-
+## Commands
+### Creation
 Create a private key
 
 ```sh
 openssl genrsa -out server.key 4096
 ```
 
-
 Generate a new private key and certificate signing request
 
 ```sh
 openssl req -out server.csr -new -newkey rsa:4096 -nodes -keyout server.key
 ```
 
-
 Generate a self-signed certificate
 
 ```sh
 openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt
 ```
 
-
 Generate a certificate signing request (CSR) for an existing private key
 
 ```sh
 openssl req -out server.csr -key server.key -new
 ```
 
-
 Generate a certificate signing request based on an existing certificate
 
 ```sh
 openssl x509 -x509toreq -in server.crt -out server.csr -signkey server.key
 ```
 
-
-Remove a passphrase from a private key
-
-```sh
-openssl rsa -in server.pem -out newserver.pem
-```
-
-
-Parse a list of revoked serial numbers
+Generate a Diffie Hellman key
 
 ```sh
-openssl crl -inform DER -text -noout -in list.crl
+openssl dhparam -out dhparam.pem 2048
 ```
 
-
+### Checking
 Check a certificate signing request (CSR)
 
 ```sh
 openssl req -text -noout -verify -in server.csr
 ```
 
-
 Check a private key
 
 ```sh
 openssl rsa -in server.key -check
 ```
 
-
 Check a public key
 
 ```sh
 openssl rsa -inform PEM -pubin -in pub.key -text -noout
 openssl pkey -inform PEM -pubin -in pub.key -text -noout
 ```
 
-
 Check a certificate
 
 ```sh
 openssl x509 -in server.crt -text -noout
 openssl x509 -in server.cer -text -noout
 ```
 
-
 Check a PKCS#12 file (.pfx or .p12)
 
 ```sh
 openssl pkcs12 -info -in server.p12
 ```
 
-
 Verify a private key matches an certificate
 
 ```sh
@@ -106,56 +87,55 @@ openssl rsa -noout -modulus -in server.key | openssl md5
 openssl req -noout -modulus -in server.csr | openssl md5
 ```
 
-
 Display all certificates including intermediates
 
 ```sh
 openssl s_client -connect www.paypal.com:443
 ```
 
-
+### Converting
 Convert a DER file (.crt .cer .der) to PEM
 
 ```sh
 openssl x509 -inform der -in server.cer -out server.pem
 ```
 
-
 Convert a PEM file to DER
 
 ```sh
 openssl x509 -outform der -in server.pem -out server.der
 ```
 
-
 Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
 
 ```sh
 openssl pkcs12 -in server.pfx -out server.pem -nodes
 ```
 
-
 Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
 
 ```sh
 openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile CACert.crt
 ```
 
-
-Generate a Diffie Hellman key
+### Other commands
+Remove a passphrase from a private key
 
 ```sh
-openssl dhparam -out dhparam.pem 2048
+openssl rsa -in server.pem -out newserver.pem
 ```
 
+Parse a list of revoked serial numbers
 
+```sh
+openssl crl -inform DER -text -noout -in list.crl
+```
 Encrypt files with rsautl
 
 ```sh
 openssl rsautl -encrypt -in plaintext.txt -out encrypted.txt -pubin -inkey pubkey.pem
 ```
 
-
 Decrypt files with rsautl
 
 ```sh

diff --git a/openssl_commands.md b/openssl_commands.md
@@ -1,4 +1,4 @@
-# openssl
+# openssl 🔐
 
 
 ### Install

diff --git a/openssl_commands.md b/openssl_commands.md
@@ -149,8 +149,15 @@ openssl dhparam -out dhparam.pem 2048
 ```
 
 
+Encrypt files with rsautl
+
+```sh
+openssl rsautl -encrypt -in plaintext.txt -out encrypted.txt -pubin -inkey pubkey.pem
+```
+
+
 Decrypt files with rsautl
 
 ```sh
-openssl rsautl -decrypt -inkey key.pem -in encrypted.txt -out decrypted.txt
+openssl rsautl -decrypt -in encrypted.txt -out plaintext.txt -inkey privkey.pem
 ```
diff --git a/openssl_commands.md b/openssl_commands.md
@@ -146,4 +146,11 @@ Generate a Diffie Hellman key
 
 ```sh
 openssl dhparam -out dhparam.pem 2048
+```
+
+
+Decrypt files with rsautl
+
+```sh
+openssl rsautl -decrypt -inkey key.pem -in encrypted.txt -out decrypted.txt
 ```
diff --git a/openssl_commands.md b/openssl_commands.md
@@ -1,5 +1,6 @@
 # openssl
 
+
 ### Install
 
 Install the OpenSSL on Debian based systems
@@ -8,6 +9,7 @@ Install the OpenSSL on Debian based systems
 sudo apt-get install openssl
 ```
 
+
 ### Commands
 
 Create a private key
@@ -16,74 +18,86 @@ Create a private key
 openssl genrsa -out server.key 4096
 ```
 
+
 Generate a new private key and certificate signing request
 
 ```sh
 openssl req -out server.csr -new -newkey rsa:4096 -nodes -keyout server.key
 ```
 
+
 Generate a self-signed certificate
 
 ```sh
 openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt
 ```
 
+
 Generate a certificate signing request (CSR) for an existing private key
 
 ```sh
 openssl req -out server.csr -key server.key -new
 ```
 
+
 Generate a certificate signing request based on an existing certificate
 
 ```sh
 openssl x509 -x509toreq -in server.crt -out server.csr -signkey server.key
 ```
 
+
 Remove a passphrase from a private key
 
 ```sh
 openssl rsa -in server.pem -out newserver.pem
 ```
 
+
 Parse a list of revoked serial numbers
 
 ```sh
 openssl crl -inform DER -text -noout -in list.crl
 ```
 
+
 Check a certificate signing request (CSR)
 
 ```sh
 openssl req -text -noout -verify -in server.csr
 ```
 
+
 Check a private key
 
 ```sh
 openssl rsa -in server.key -check
 ```
 
+
 Check a public key
 
 ```sh
 openssl rsa -inform PEM -pubin -in pub.key -text -noout
 openssl pkey -inform PEM -pubin -in pub.key -text -noout
 ```
 
+
 Check a certificate
 
 ```sh
 openssl x509 -in server.crt -text -noout
 openssl x509 -in server.cer -text -noout
 ```
 
+
 Check a PKCS#12 file (.pfx or .p12)
 
 ```sh
 openssl pkcs12 -info -in server.p12
 ```
 
+
 Verify a private key matches an certificate
 
 ```sh
@@ -92,32 +106,44 @@ openssl rsa -noout -modulus -in server.key | openssl md5
 openssl req -noout -modulus -in server.csr | openssl md5
 ```
 
+
 Display all certificates including intermediates
 
 ```sh
 openssl s_client -connect www.paypal.com:443
 ```
 
+
 Convert a DER file (.crt .cer .der) to PEM
 
 ```sh
 openssl x509 -inform der -in server.cer -out server.pem
 ```
 
+
 Convert a PEM file to DER
 
 ```sh
 openssl x509 -outform der -in server.pem -out server.der
 ```
 
+
 Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
 
 ```sh
 openssl pkcs12 -in server.pfx -out server.pem -nodes
 ```
 
+
 Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
 
 ```sh
 openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile CACert.crt
+```
+
+
+Generate a Diffie Hellman key
+
+```sh
+openssl dhparam -out dhparam.pem 2048
 ```
diff --git a/openssl_commands.md b/openssl_commands.md
@@ -64,6 +64,13 @@ Check a private key
 openssl rsa -in server.key -check
 ```
 
+Check a public key
+
+```sh
+openssl rsa -inform PEM -pubin -in pub.key -text -noout
+openssl pkey -inform PEM -pubin -in pub.key -text -noout
+```
+
 Check a certificate
 
 ```sh

diff --git a/openssl_commands.md b/openssl_commands.md
@@ -1,110 +1,116 @@
-#openssl
+# openssl
 
-###Install
+### Install
 
 Install the OpenSSL on Debian based systems
 
-```bash
+```sh
 sudo apt-get install openssl
 ```
 
-###Commands
+### Commands
 
 Create a private key
 
-```bash
+```sh
 openssl genrsa -out server.key 4096
 ```
 
 Generate a new private key and certificate signing request
 
-```bash
+```sh
 openssl req -out server.csr -new -newkey rsa:4096 -nodes -keyout server.key
 ```
 
 Generate a self-signed certificate
 
-```bash
+```sh
 openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt
 ```
 
 Generate a certificate signing request (CSR) for an existing private key
 
-```bash
+```sh
 openssl req -out server.csr -key server.key -new
 ```
 
 Generate a certificate signing request based on an existing certificate
 
-```bash
+```sh
 openssl x509 -x509toreq -in server.crt -out server.csr -signkey server.key
 ```
 
 Remove a passphrase from a private key
 
-```bash
+```sh
 openssl rsa -in server.pem -out newserver.pem
 ```
 
+Parse a list of revoked serial numbers
+
+```sh
+openssl crl -inform DER -text -noout -in list.crl
+```
+
 Check a certificate signing request (CSR)
 
-```bash
+```sh
 openssl req -text -noout -verify -in server.csr
 ```
 
 Check a private key
 
-```bash
+```sh
 openssl rsa -in server.key -check
 ```
 
 Check a certificate
 
-```bash
+```sh
 openssl x509 -in server.crt -text -noout
 openssl x509 -in server.cer -text -noout
 ```
 
 Check a PKCS#12 file (.pfx or .p12)
 
-```bash
+```sh
 openssl pkcs12 -info -in server.p12
 ```
 
 Verify a private key matches an certificate
 
-```bash
+```sh
 openssl x509 -noout -modulus -in server.crt | openssl md5
 openssl rsa -noout -modulus -in server.key | openssl md5
 openssl req -noout -modulus -in server.csr | openssl md5
 ```
 
 Display all certificates including intermediates
 
-```bash
+```sh
 openssl s_client -connect www.paypal.com:443
 ```
 
 Convert a DER file (.crt .cer .der) to PEM
 
-```bash
+```sh
 openssl x509 -inform der -in server.cer -out server.pem
 ```
 
 Convert a PEM file to DER
 
-```bash
+```sh
 openssl x509 -outform der -in server.pem -out server.der
 ```
 
 Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
 
-```bash
+```sh
 openssl pkcs12 -in server.pfx -out server.pem -nodes
 ```
 
 Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
 
-```bash
+```sh
 openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile CACert.crt
 ```
diff --git a/openssl_commands.md b/openssl_commands.md
@@ -13,19 +13,19 @@ sudo apt-get install openssl
 Create a private key
 
 ```bash
-openssl genrsa -out server.key 2048
+openssl genrsa -out server.key 4096
 ```
 
 Generate a new private key and certificate signing request
 
 ```bash
-openssl req -out server.csr -new -newkey rsa:2048 -nodes -keyout server.key
+openssl req -out server.csr -new -newkey rsa:4096 -nodes -keyout server.key
 ```
 
 Generate a self-signed certificate
 
 ```bash
-openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
+openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt
 ```
 
 Generate a certificate signing request (CSR) for an existing private key

diff --git a/openssl_commands.md b/openssl_commands.md
@@ -2,7 +2,7 @@
 
 ###Install
 
-Install the OpenSSL on Debian based Systems
+Install the OpenSSL on Debian based systems
 
 ```bash
 sudo apt-get install openssl

diff --git a/openssl_commands.md b/openssl_commands.md
@@ -62,6 +62,7 @@ Check a certificate
 
 ```bash
 openssl x509 -in server.crt -text -noout
+openssl x509 -in server.cer -text -noout
 ```
 
 Check a PKCS#12 file (.pfx or .p12)
@@ -106,10 +107,4 @@ Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
 
 ```bash
 openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile CACert.crt
-```
-
-Look at your certificate which must be installed on your system
-
-```bash
-openssl x509 -in server.cer -noout -text
 ```
diff --git a/openssl_commands.md b/openssl_commands.md
@@ -111,5 +111,5 @@ openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfil
 Look at your certificate which must be installed on your system
 
 ```bash
-openssl x509 -in cerfile.cer -noout -text
+openssl x509 -in server.cer -noout -text
 ```
diff --git a/openssl_commands.md b/openssl_commands.md
@@ -28,7 +28,7 @@ Generate a self-signed certificate
 openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
 ```
 
-Generate a certificate signing request (server) for an existing private key
+Generate a certificate signing request (CSR) for an existing private key
 
 ```bash
 openssl req -out server.csr -key server.key -new
@@ -46,7 +46,7 @@ Remove a passphrase from a private key
 openssl rsa -in server.pem -out newserver.pem
 ```
 
-Check a certificate signing request (server)
+Check a certificate signing request (CSR)
 
 ```bash
 openssl req -text -noout -verify -in server.csr
@@ -106,4 +106,10 @@ Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
 
 ```bash
 openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile CACert.crt
+```
+
+Look at your certificate which must be installed on your system
+
+```bash
+openssl x509 -in cerfile.cer -noout -text
 ```
diff --git a/openssl_commands.md b/openssl_commands.md
@@ -1,5 +1,15 @@
 #openssl
 
+###Install
+
+Install the OpenSSL on Debian based Systems
+
+```bash
+sudo apt-get install openssl
+```
+
+###Commands
+
 Create a private key
 
 ```bash

diff --git a/openssl_commands.md b/openssl_commands.md
@@ -1,65 +1,71 @@
 #openssl
 
+Create a private key
+
+```bash
+openssl genrsa -out server.key 2048
+```
+
 Generate a new private key and certificate signing request
 
 ```bash
-openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout keystore.key
+openssl req -out server.csr -new -newkey rsa:2048 -nodes -keyout server.key
 ```
 
 Generate a self-signed certificate
 
 ```bash
-openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout keystore.key -out certificate.crt
+openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
 ```
 
-Generate a certificate signing request (CSR) for an existing private key
+Generate a certificate signing request (server) for an existing private key
 
 ```bash
-openssl req -out CSR.csr -key keystore.key -new
+openssl req -out server.csr -key server.key -new
 ```
 
 Generate a certificate signing request based on an existing certificate
 
 ```bash
-openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey keystore.key
+openssl x509 -x509toreq -in server.crt -out server.csr -signkey server.key
 ```
 
 Remove a passphrase from a private key
 
 ```bash
-openssl rsa -in keystore.pem -out newkeystore.pem
+openssl rsa -in server.pem -out newserver.pem
 ```
 
-Check a Certificate Signing Request (CSR)
+Check a certificate signing request (server)
 
 ```bash
-openssl req -text -noout -verify -in CSR.csr
+openssl req -text -noout -verify -in server.csr
 ```
 
 Check a private key
 
 ```bash
-openssl rsa -in keystore.key -check
+openssl rsa -in server.key -check
 ```
 
 Check a certificate
 
 ```bash
-openssl x509 -in certificate.crt -text -noout
+openssl x509 -in server.crt -text -noout
 ```
 
 Check a PKCS#12 file (.pfx or .p12)
 
 ```bash
-openssl pkcs12 -info -in keyStore.p12
+openssl pkcs12 -info -in server.p12
 ```
 
-Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key
+Verify a private key matches an certificate
 
 ```bash
-openssl x509 -noout -modulus -in certificate.crt | openssl md5
-openssl rsa -noout -modulus -in keystore.key | openssl md5
-openssl req -noout -modulus -in CSR.csr | openssl md5
+openssl x509 -noout -modulus -in server.crt | openssl md5
+openssl rsa -noout -modulus -in server.key | openssl md5
+openssl req -noout -modulus -in server.csr | openssl md5
 ```
 
 Display all certificates including intermediates
@@ -71,23 +77,23 @@ openssl s_client -connect www.paypal.com:443
 Convert a DER file (.crt .cer .der) to PEM
 
 ```bash
-openssl x509 -inform der -in certificate.cer -out certificate.pem
+openssl x509 -inform der -in server.cer -out server.pem
 ```
 
 Convert a PEM file to DER
 
 ```bash
-openssl x509 -outform der -in certificate.pem -out certificate.der
+openssl x509 -outform der -in server.pem -out server.der
 ```
 
 Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
 
 ```bash
-openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
+openssl pkcs12 -in server.pfx -out server.pem -nodes
 ```
 
 Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
 
 ```bash
-openssl pkcs12 -export -out certificate.pfx -inkey keystore.key -in certificate.crt -certfile CACert.crt
+openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile CACert.crt
 ```
diff --git a/openssl_commands.md b/openssl_commands.md
@@ -0,0 +1,93 @@
+#openssl
+
+Generate a new private key and certificate signing request
+
+```bash
+openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout keystore.key
+```
+
+Generate a self-signed certificate
+
+```bash
+openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout keystore.key -out certificate.crt
+```
+
+Generate a certificate signing request (CSR) for an existing private key
+
+```bash
+openssl req -out CSR.csr -key keystore.key -new
+```
+
+Generate a certificate signing request based on an existing certificate
+
+```bash
+openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey keystore.key
+```
+
+Remove a passphrase from a private key
+
+```bash
+openssl rsa -in keystore.pem -out newkeystore.pem
+```
+
+Check a Certificate Signing Request (CSR)
+
+```bash
+openssl req -text -noout -verify -in CSR.csr
+```
+
+Check a private key
+
+```bash
+openssl rsa -in keystore.key -check
+```
+
+Check a certificate
+
+```bash
+openssl x509 -in certificate.crt -text -noout
+```
+
+Check a PKCS#12 file (.pfx or .p12)
+
+```bash
+openssl pkcs12 -info -in keyStore.p12
+```
+
+Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key
+
+```bash
+openssl x509 -noout -modulus -in certificate.crt | openssl md5
+openssl rsa -noout -modulus -in keystore.key | openssl md5
+openssl req -noout -modulus -in CSR.csr | openssl md5
+```
+
+Display all certificates including intermediates
+
+```bash
+openssl s_client -connect www.paypal.com:443
+```
+
+Convert a DER file (.crt .cer .der) to PEM
+
+```bash
+openssl x509 -inform der -in certificate.cer -out certificate.pem
+```
+
+Convert a PEM file to DER
+
+```bash
+openssl x509 -outform der -in certificate.pem -out certificate.der
+```
+
+Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
+
+```bash
+openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
+```
+
+Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
+
+```bash
+openssl pkcs12 -export -out certificate.pfx -inkey keystore.key -in certificate.crt -certfile CACert.crt
+```