PKI Certificate Tutorials - Herong's Tutorial Examples

∟OpenSSL - Cryptography Toolkit

This chapter provides a quick introduction of OpenSSL cryptography toolkit. Topics include what is OpenSSL; installing OpenSSL CLI on CentOS; generating private/public key pairs, CSRs (Certificate Signing Requests), and self-signed certificates; signing CSRs into certificates as a CA (Certificate Authority).

What Is OpenSSL

What Is "openssl" Command

"openssl genpkey" - Generate Private Key

"openssl genpkey -algorithm RSA" - RSA Private Key

"openssl genpkey -algorithm EC" - EC Private Key

"openssl req" - CSR (Certificate Signing Request)

"openssl req -new" - Generate CSR from Key

"openssl req -newkey ..." - Generate Key and CSR

"openssl req -x509" - Generate Self-Signed Certificate

"openssl x509" - X.509 Certificate Command

"openssl x509 -CA ..." - CA Signing Certificate

Takeaways:

• OpenSSL is the most popular cryptography toolkit for generating and managing PKI certificates.
• The "openssl genpkey" command can be used to generate private/public key pairs of different algorithms like RSA and EC.
• The "openssl req" command can be used to generate a CSR (Certificate Signing Requests) based on a private/public key pair with given identity information.
• The "openssl x509 -CA ..." command can be used to sign a CSR into a certificate using CA (Certificate Authority) key pair and CA self-signed certificate.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of PKI Certificate

 PKI Certificate File Formats

►OpenSSL - Cryptography Toolkit

 "openssl ca" - CA (Certificate Authority) Tool

 Java "keytool" Commands and KeyStore Files

 PKI Certificate Store

 PKCS12 Certificate Bundle File

 PKCS7 Certificate Chain File

 PKI Certificate Related Terminology

 References

 Full Version in PDF/EPUB

OpenSSL - Cryptography Toolkit - Updated in 2024, by Herong Yang