Common Tasks Quicksheet
Please note that this is a summary of the documents found on openssl.org/modssl.org.
## common tasks
# extend certificate:
openssl x509 -in newca.pem -days 1024 -out cacert.pem -signkey MyCA/private/cakey.pem
# show cert content
openssl x509 -in cert.pem -noout -text
# Convert a certificate from PEM to DER format:
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
# Set a certificate to be trusted for SSL client use and change set its alias to `Steve's Class 1 CA''
openssl x509 -in cert.pem -addtrust sslclient -alias "Steve's Class 1 CA" -out trust.pem
## stunnel cert (www.stunnel.org)
1. CA.sh -newreq
2. CA.sh -signreq
3. cat newcert.pem>>newreq.pem
4. editieren und cert req und ca text löschen
5. mv newreq.pem /usr/ssl/certs/foo.bar.pem
6. chmod 600 /usr/ssl/certs/foo.bar.pem
7. ln -s foo.bar.pem `openssl x509 -hash -noout -in foo.bar.pem`
## create netscape cert / s/mime
1. Create a new certificate request with CA.sh -newreq
2. Sign the request with CA.sh -signreq
3. Create a PKCS#12 file with:
openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -certfile \
MyCA/cacert.pem -name "MY CERTIFICATE" -out mycert.p12
## create apache cert
from http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28
1. Create a RSA private key:
unencrypted:
openssl genrsa -out server.key 1024
encrypted:
openssl genrsa -des3 -out server.key 1024
You can always create a decrypted PEM version of an encrypted one:
openssl rsa -in server.key -out server.key.unsecure
2. Create a Certificate Signing Request (CSR):
openssl req -new -key server.key -out newreq.pem
3. Sign it via CA:
CA.sh -sign
4. Edit the certificate/keyfile
remove extra date from newcert.pem
cat newcert.pem >>server.key
5. Remove the encryption from the RSA private key (while preserving the original file):
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
## create self-signed apache cert
openssl genrsa 4096 > server.key
openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.crt
How can I change the pass-phrase on my private key file?
openssl rsa -des3 -in server.key -out server.key.new
Please note that this is not finished yet.
| apt-get/dpkg | yum/rpm | up2date/rpm | |||
|---|---|---|---|---|---|
| Information | |||||
| Local file | rpm -qpi package.rpm | ||||
| Search installed base | |||||
| Package names | dpkg -l |grep package | yum list package | rpm -qa|grep package | ||
| Package infos | dpkg -I package | yum info package | rpm -qi package | ||
| Files knowing package name | dpkg -L package | rpm -ql package | rpm -ql package | ||
| Package knowing file name | dpkg -S file | yum whatprovides file | rpm -qpf file | ||
| Dependencies | yum deplist package | rpm -qR package | |||
| Search internet base | |||||
| Package names | apt-cache search package | yum search package | up2date --showall|grep package | ||
| Files | |||||
| Install | |||||
| Local file | |||||
| dpkg -i package.deb | yum localinstall package.rpm | rpm -i package.rpm | |||
| Internet | |||||
| apt-get <-t sourceselection> install package | yum install package | up2date -i package | |||
| Reinstall | |||||
| Local file | |||||
| rpm -e --justdb --nodeps package; yum localupdate package.rpm | rpm -i -f package.rpm | ||||
| Internet | |||||
| apt-get --reinstall install package / dpkg -r --ignore-depends=package package;apt-get install package | rpm -e --justdb --nodeps package; yum update package | rpm -e --justdb --nodeps package; up2date -i package | |||
| Update | |||||
| Local Base | |||||
| Single File | dpkg -U package.deb | yum localupdate package.rpm | rpm -U package.rpm | ||
| Whole system | yum localupdate /path | rpm -F *.rpm | |||
| Whole system to a new release | rpm -F *.rpm | rpm -F *.rpm | |||
| Internet | |||||
| Single File | apt-get -u update package | up2date package | |||
| Whole system | apt-get -u upgrade | yum -t -y upgrade | up2date -u | ||
| Whole system to a new release | apt-get -u dist-upgrade | up2date --upgrade-to-release release | |||
| Remove | |||||
| Keep configuration | |||||
| apt-get remove package / dpkg -r package | yum remove package | rpm -e package | |||
| Erase configuration | |||||
| apt-get --purge remove package | yum erase package | ||||
| Build | |||||
| Get SRC Package | |||||
| apt-get source package | yumdownloader --source package | up2date --src package | |||
| Build from Spec | |||||
| Binary | rpmbuild -bb package.spec | rpmbuild -bb package.spec | |||
| SRC Package | rpmbuild -bs package.spec | rpmbuild -bs package.spec | |||
| Build from SRC Package | |||||
| rpmbuild --rebuild package.src.rpm | rpmbuild --rebuild package.src.rpm | ||||
| Build from TAR Package | |||||
| rpmbuild -ta package.tar | rpmbuild -ta package.tar | ||||
| Cache handling | |||||
| Update | |||||
| apt-get update | yum check-update | up2date --justdb | |||
| Clean | |||||
| apt-get autoclean | yum clean all | ||||
| Rebuild | |||||
| rpm -rebuilddb | |||||
| Internet resource definition | |||||
| /etc/apt/sources.list | /etc/yum.conf | /etc/sysconfig/rhn/sources.list | |||