meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
ssl:openssl [2023/06/21 11:56] niziakssl:openssl [2026/04/24 12:28] (current) niziak
Line 1: Line 1:
 +====== OpenSSL ======
 +
 ====== RSA keys ====== ====== RSA keys ======
 <code bash>openssl genrsa -des3 -out private.pem 2048</code> <code bash>openssl genrsa -des3 -out private.pem 2048</code>
Line 8: Line 10:
  
 ==== CA Bundle ==== ==== CA Bundle ====
 +
 === Extract CAs form Mozilla === === Extract CAs form Mozilla ===
 Direct download link [[https://curl.haxx.se/ca/cacert.pem|cacert.pem]] \\ Direct download link [[https://curl.haxx.se/ca/cacert.pem|cacert.pem]] \\
Line 37: Line 40:
 openssl rsa -noout -modulus -in privateKey.key | openssl md5 openssl rsa -noout -modulus -in privateKey.key | openssl md5
 openssl req -noout -modulus -in CSR.csr | openssl md5 openssl req -noout -modulus -in CSR.csr | openssl md5
 +</code>
 +
 +More strict verify:
 +
 +<code bash>
 +c=mysite.crt 
 +k=mysite.key 
 +cmp <(echo Key is valid; openssl x509 -pubkey -in $c -noout) <(openssl pkey --check -pubout -in $k -outform PEM)
 </code> </code>
  
 === Generate key === === Generate key ===
 +
 <code> <code>
 openssl dhparam -dsaparam -out dh2048.pem 2048 openssl dhparam -dsaparam -out dh2048.pem 2048