What Is "openssl" Command

This section describes the 'openssl' command, which invokes the OpenSSL CLI to access OpenSSL functions.

What Is "openssl" Command? "openssl" is the command to invoke the OpenSSL CLI (Command Line Interface) to access OpenSSL functions.

If the "openssl" command is not available on your computer, you can download and install the OpenSSL package. Here is what I did on my CentOS computer:

herong$ sudo dnf install openssl 

...
Installed:
  openssl-1:1.1.1k-5.el8_5.x86_64

The syntax to invoke the "openssl" command can be described as:

openssl command opts args 

Where: 
  command - one of 110 commands provided in OpenSSL 
  opts - list of options supported by the given command 
  args - list of arguments to feed into the given command 

For example, the following command line invokes OpenSSL "x509" command with 1 option "-help" and no argument.

herong$ openssl x509 -help 

Usage: x509 [options]

General options:
  -help         Display this summary
  -in infile    Certificate input, or CSR input file with -req
  -passin val   Private key and cert file pass-phrase source
  ...

For more information on the "openssl" command, run the "man openssl" command:

herong$ man openssl

NAME
  openssl - OpenSSL command line tool

SYNOPSIS
  openssl command [ command_opts ] [ command_args ]
  openssl list [ standard-commands | digest-commands | cipher-...
  openssl no-XXX [ arbitrary options ]

DESCRIPTION
  OpenSSL is a cryptography toolkit implementing the Secure Sockets 
  Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network 
  protocols and related cryptography standards required by them.

...

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of PKI Certificate

 PKI Certificate File Formats

OpenSSL - Cryptography Toolkit

 What Is OpenSSL

What Is "openssl" Command

 "openssl genpkey" - Generate Private Key

 "openssl genpkey -algorithm RSA" - RSA Private Key

 "openssl genpkey -algorithm EC" - EC Private Key

 "openssl req" - CSR (Certificate Signing Request)

 "openssl req -new" - Generate CSR from Key

 "openssl req -newkey ..." - Generate Key and CSR

 "openssl req -x509" - Generate Self-Signed Certificate

 "openssl x509" - X.509 Certificate Command

 "openssl x509 -CA ..." - CA Signing Certificate

 "openssl ca" - CA (Certificate Authority) Tool

 Java "keytool" Commands and KeyStore Files

 PKI Certificate Store

 PKCS12 Certificate Bundle File

 PKCS7 Certificate Chain File

 PKI Certificate Related Terminology

 References

 Full Version in PDF/EPUB