PKI Certificate Tutorials - Herong's Tutorial Examples - v1.10, by Herong Yang
What Is "openssl" Command
This section describes the 'openssl' command, which invokes the OpenSSL CLI to access OpenSSL functions.
What Is "openssl" Command? "openssl" is the command to invoke the OpenSSL CLI (Command Line Interface) to access OpenSSL functions.
If the "openssl" command is not available on your computer, you can download and install the OpenSSL package. Here is what I did on my CentOS computer:
herong$ sudo dnf install openssl ... Installed: openssl-1:1.1.1k-5.el8_5.x86_64
The syntax to invoke the "openssl" command can be described as:
openssl command opts args Where: command - one of 110 commands provided in OpenSSL opts - list of options supported by the given command args - list of arguments to feed into the given command
For example, the following command line invokes OpenSSL "x509" command with 1 option "-help" and no argument.
herong$ openssl x509 -help Usage: x509 [options] General options: -help Display this summary -in infile Certificate input, or CSR input file with -req -passin val Private key and cert file pass-phrase source ...
For more information on the "openssl" command, run the "man openssl" command:
herong$ man openssl NAME openssl - OpenSSL command line tool SYNOPSIS openssl command [ command_opts ] [ command_args ] openssl list [ standard-commands | digest-commands | cipher-... openssl no-XXX [ arbitrary options ] DESCRIPTION OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. ...
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of PKI Certificate
►OpenSSL - Cryptography Toolkit
"openssl genpkey" - Generate Private Key
"openssl genpkey -algorithm RSA" - RSA Private Key
"openssl genpkey -algorithm EC" - EC Private Key
"openssl req" - CSR (Certificate Signing Request)
"openssl req -new" - Generate CSR from Key
"openssl req -newkey ..." - Generate Key and CSR
"openssl req -x509" - Generate Self-Signed Certificate
"openssl x509" - X.509 Certificate Command
"openssl x509 -CA ..." - CA Signing Certificate
"openssl ca" - CA (Certificate Authority) Tool
Java "keytool" Commands and KeyStore Files
PKCS12 Certificate Bundle File