HTTPS Certs/OpenSSL

HTTPS Certs/OpenSSL

Convert certificates

# pem -> der
openssl x509 -in cert.pem -outform der -out cert.der
# der -> pem
openssl x509 -in cert.der -inform der -out cert.pem
# combine key + cert into pkcs#12
openssl pkcs12 -export -out bundle.p12 -inkey privkey.pem -in cert.pem -certfile chain.pem
# extract key
openssl pkcs12 -in bundle.p12 -nocerts -out privkey.pem
openssl pkcs12 -in bundle.p12 -nokeys -out cert.pem

Install Certificates

# update trust
sudo update-ca-certificates
sudo cp my-ca.pem /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust

Install cert for svc like nginx

sudo cp cert.pem /etc/nginx/ssl/
sudo cp privkey.pem /etc/nginx/ssl/
sudo systemctl reload nginx

Check certs

# check cert details
openssl x509 -in cert.pem -text -noout
# check enddate
openssl x509 -enddate -noout -in cert.pem
# Validate against ca
openssl verify -CAfile ca.pem cert.pem
# check remote server cert
openssl s_client -connect example.com:443 -servername example.com