PKI Certificate Tutorials - Herong's Tutorial Examples - v1.10, by Herong Yang
What Is OpenSSL
This section describes what OpenSSL is: a cryptography toolkit implementing the SSL/TLS protocols and related cryptography standards.
What Is OpenSSL? OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.
There are 2 ways to use the OpenSSL toolkit:
1. OpenSSL API (Application Programming Interface) - The OpenSSL toolkit has been implemented in most programming languages as an API so that you can access OpenSSL functionality in your own programs. For example, the OpenSSL API for Python is the "pyOpenSSL" module.
2. OpenSSL CLI (Command Line Interface) - The OpenSSL toolkit has also been implemented in most operating systems as a command with functional sub-commands. For example, the OpenSSL command on Linux is called "openssl".
The OpenSSL toolkit provides a large number of functions in the following areas:
Functions provided in OpenSSL are organized into 110 commands. Below is a list of 5 commands that are directly related to PKI certificates:
ca - Certificate Authority (CA) Management.
genpkey - Generation of Private Key or Parameters.
pkcs12 - PKCS#12 file command.
req - Certificate request and certificate generating command.
x509 - X.509 certificate data management.
In this chapter, I will provide some tutorials using those 5 commands through the OpenSSL CLI to perform tasks illustrated in the following PKI certificate generation process:
For more information on OpenSSL, visit OpenSSL Website at https://openssl-library.org.
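As a preview of how these commands fit together, here is an added example (not code from the original tutorial) in which a throwaway CA signs a server certificate using genpkey, req, x509 and pkcs12. The file names, subject names, the demo.cnf contents and the password are all constructed for this demo.

```shell
#!/usr/bin/env bash
# Added example. Every file name, subject and password below is constructed.
pki_demo() (
    cd "$1" || exit 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:server.example.test
EOF
    umask 077   # private keys and the PKCS#12 bundle readable by owner only
    # genpkey: CA key (RSA) and server key (EC)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ca.key &&
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out server.key &&
    # req -x509: self-signed CA certificate
    openssl req -x509 -new -config demo.cnf -key ca.key -days 30 -out ca.crt &&
    # req -new: CSR carrying the server's public key and subject
    openssl req -new -config demo.cnf -key server.key \
        -subj "/CN=server.example.test" -out server.csr &&
    # x509 -CA: the CA signs the CSR and adds the leaf extensions
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 7 -extfile demo.cnf -extensions v3_leaf -out server.crt &&
    # verify the chain, then pkcs12: bundle key + certificate + CA certificate
    openssl verify -CAfile ca.crt server.crt &&
    openssl pkcs12 -export -inkey server.key -in server.crt -certfile ca.crt \
        -passout pass:demo-only -out server.p12
)

out="$(mktemp -d)" && pki_demo "$out" && echo "artifacts written to $out"
```

The leaf extensions are passed at signing time with -extfile because "openssl x509 -req" does not copy extensions requested in the CSR unless told to, so the CA decides what the issued certificate may be used for.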