What Is OpenSSL

This section describes what OpenSSL is: a cryptography toolkit implementing the SSL/TLS protocols and related cryptography standards.

What Is OpenSSL? OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.

There are 2 ways to use the OpenSSL toolkit:

1. OpenSSL API (Application Programming Interface) - The OpenSSL toolkit is available in most programming languages as an API, so that you can access OpenSSL functionality from your own programs. For example, the OpenSSL API for Python is the "pyOpenSSL" module.

2. OpenSSL CLI (Command Line Interface) - The OpenSSL toolkit is also available on most operating systems as a command with functional sub-commands. For example, the OpenSSL command on Linux is called "openssl".

The OpenSSL toolkit provides a large number of functions in the following areas:

Functions provided in OpenSSL are organized into 110 commands. Below is a list of 5 commands that are directly related to PKI certificates:

ca        Certificate Authority (CA) Management.
genpkey   Generation of Private Key or Parameters.
pkcs12    PKCS#12 file command.
req       Certificate request and certificate generating command.
x509      X.509 certificate data management.

In this chapter, I will provide some tutorials using those 5 commands through the OpenSSL CLI to perform tasks illustrated in the following PKI certificate generation process:

PKI Certificate Generation Process
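
One pass through that process with the commands listed above, as an added example that is not part of the original tutorial. It signs with "openssl x509 -CA" rather than "openssl ca", adds "openssl verify" as a check, and the function name pki_demo, the subject names, the 30-day lifetime and the password are constructed sample values.

```shell
#!/bin/sh
# Added example: private key -> CSR -> CA-signed certificate -> PKCS#12 bundle.
# pki_demo is a hypothetical helper; all names and the password are sample values.

pki_demo() (
    dir=$1
    umask 077                      # key files are created readable by owner only
    mkdir -p "$dir" || exit 1

    # 1. genpkey: private keys for the test CA (RSA) and the server (EC P-256).
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/ca.key" 2>/dev/null || exit 1
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$dir/server.key" 2>/dev/null || exit 1

    # 2. req -x509: self-signed certificate for the test CA.
    openssl req -x509 -new -key "$dir/ca.key" -sha256 -days 30 \
        -subj "/CN=Example Test CA" -out "$dir/ca.crt" || exit 1

    # 3. req -new: CSR carrying the server public key and the requested subject.
    openssl req -new -key "$dir/server.key" -sha256 \
        -subj "/CN=server.example.test" -out "$dir/server.csr" || exit 1

    # 4. x509 -req -CA: the CA signs the CSR and issues the server certificate.
    openssl x509 -req -in "$dir/server.csr" -sha256 -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null || exit 1

    # 5. verify: the issued certificate must chain to the CA certificate.
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null || exit 1

    # 6. pkcs12: bundle key, certificate and CA certificate into one file.
    #    pass: puts the password on the command line; fine for a demo only.
    openssl pkcs12 -export -inkey "$dir/server.key" -in "$dir/server.crt" \
        -certfile "$dir/ca.crt" -passout pass:sample-password \
        -out "$dir/server.p12" || exit 1

    # Print issuer and subject of the issued certificate.
    openssl x509 -in "$dir/server.crt" -noout -issuer -subject
)

# Run only when an output directory is given: sh pki_demo.sh ./pki-out
if [ -n "${1:-}" ]; then pki_demo "$1"; fi
```

The CA private key (ca.key) is the file to protect: anyone holding it can issue certificates that verify against ca.crt.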

For more information on OpenSSL, visit OpenSSL Website at https://openssl-library.org.
