Open in app

Sign in

Write

Sign in

Using OpenSSL

Mustafa AK
3 min readAug 19, 2023

--

OpenSSL is a versatile and powerful tool for managing SSL/TLS certificates and private keys. It is widely used by system administrators, DevOps engineers, and software developers to secure web applications, email servers, and other networked services.

In here, we’ll explore the most important use cases for OpenSSL and provide detailed examples to help you get started.

Generating a Private Key

A private key is a cryptographic key that is used to encrypt and decrypt data in SSL/TLS connections. To generate a private key with OpenSSL, use the following command:

openssl genpkey -algorithm RSA -out private.key -aes256

This command creates a new private key using the RSA algorithm and encrypts it with AES-256. You can choose a different algorithm or encryption method by specifying different options.

Creating a Certificate Signing Request (CSR)

A Certificate Signing Request (CSR) is a message that is sent to a Certificate Authority (CA) to request a digital certificate. The CSR contains information about the organization that is requesting the certificate and the public key that will be used to encrypt data. To create a CSR with OpenSSL, use the following command:

openssl req -new -key private.key -out csr.csr

This command creates a new CSR using the private key you generated earlier. You’ll be prompted to enter information about your organization, such as the common name (CN) of your domain.

Signing a Certificate with a CA

Once you have generated a CSR, you can use it to request a digital certificate from a trusted Certificate Authority (CA). The CA will verify your organization’s identity and issue a certificate that can be used to encrypt data in SSL/TLS connections. To sign a certificate with a CA using OpenSSL, use the following command:

openssl x509 -req -in csr.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out cert.crt -days 365

This command signs the CSR with a CA certificate and creates a new certificate that’s valid for 365 days. You’ll need to replace ca.crt and ca.key with the filenames of your CA certificate and private key, respectively.

Converting Formats

There are many different formats for SSL/TLS certificates and private keys, and sometimes you may need to convert between them. OpenSSL provides several commands for converting certificates and private keys between the most common formats. Here are some examples:

# Convert a PEM certificate to DER
openssl x509 -in cert.pem -outform der -out cert.der
# Convert a DER certificate to PEM
openssl x509 -in cert.der -inform der -out cert.pem# Convert a PEM private key to PKCS#8 format
openssl pkcs8 -topk8 -in private.pem -out private.pk8 -nocrypt# Convert a PKCS#8 private key to PEM format
openssl pkcs8 -in private.pk8 -inform der -out private.pem -outform pem

These commands will convert certificates and private keys between the most common formats used in SSL/TLS.

Conclusion

OpenSSL is a powerful and flexible tool for managing SSL/TLS certificates and private keys. By following the examples in this guide, you’ll be able to generate private keys, create CSRs, sign certificates with a CA, and convert between different formats. With this knowledge, you’ll be well-equipped to manage SSL/TLS for your applications in Kubernetes and beyond.

Openssl
Openssl Certificate
Ssl Certificate

--

--

Mustafa AK

Written by Mustafa AK

52 Followers

DevOps Engineer @ relayr | 2 x AWS and 2 x Azure Certified Cloud Engineer | Terraform | CKA | CKAD

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams