JimBlaney/certificate-manipulation.md

Last active September 23, 2016 10:48

Star (1) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/JimBlaney/4d778206069264103071.js"></script>
Save JimBlaney/4d778206069264103071 to your computer and use it in GitHub Desktop.

Download ZIP

OpenSSL commands for various certificate manipulations

Raw

certificate-manipulation.md

Split PKCS12 public/private keypair into Base64-encoded PEM files (separate)

openssl pkcs12 -in certificate.p12 -out servername.crt -clcerts -nokeys
openssl pkcs12 -in certificate.p12 -out servername.key -nocerts -nodes
openssl rsa -in servername.key -out servername.key

Compute the hash of a certificate (HTTPd requires CA certs in folders to be named by hash)

openssl x509 -noout -hash -in ca-certificate-file

Compute the digest for a server certificate for inclusion in the HTTP Public-Key-Pins header

openssl s_client -connect www.example.com:443 | \
    openssl x509 -pubkey -noout | \
    openssl rsa -pubin -outform der | \
    openssl dgst -sha256 -binary | \
    openssl enc -base64

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment