= openssl
  * [[linux:certificados:cayotros|]]
  * [[https://www.sslshopper.com/article-most-common-openssl-commands.html]]

== utils
  * Remove a passphrase from a private key:<code bash>openssl rsa -in privateKey.pem -out newPrivateKey.pem
</code>
== check
  * Check a Certificate Signing Request (CSR):<code bash>openssl req -text -noout -verify -in CSR.csr
</code>
  * Check a private key: <code bash>openssl rsa -in privateKey.key -check
</code>
  * Check a certificate: <code bash>openssl x509 -in certificate.crt -text -noout
</code>
  * Check a PKCS#12 file (.pfx or .p12):<code bash>openssl pkcs12 -info -in keyStore.p12
</code>

== debug
  * Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key:<code bash>openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5
</code>

== converting
  * Convert a DER file (.crt .cer .der) to PEM:<code bash>openssl x509 -inform der -in certificate.cer -out certificate.pem
</code>
  * Convert a PEM file to DER:<code bash>openssl x509 -outform der -in certificate.pem -out certificate.der
</code>
  * Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM:<code bash>openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
</code>
  * Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12):<code bash>openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
</code>