Thursday, 2 August 2018

openssl Command in Linux

In the early days of the Internet, information was transferred across the globe over HTTP (Hypertext Transfer Protocol). HTTP was never safe: the information travelled in plain text and could easily be read by an attacker who intercepted the communication. That information might include sensitive data such as credit card details and passwords, which led to increasing fraud. Hence, it became necessary to pass this information from one corner of the world to another through a secure channel, so that it is not compromised. Thus, encryption came into the picture, and the protocol that adds encryption to HTTP is Secure Sockets Layer (SSL). Since then, the combination has been popularly known as HTTP over SSL, or HTTPS.

Why HTTPS?

There are three main reasons:

  • Authenticity - HTTPS ensures that the data exchange is happening with a legitimate user, i.e. it checks the authenticity of the end user it is connected to. If it is an intruder, it will drop the connection before any data exchange happens.
  • Data privacy - HTTPS encrypts the data such that only the intended end user can decrypt and read it. Intruders will only be able to capture the encrypted message, which is not readable.
  • Data integrity - HTTPS ensures that the data received at the receiver's end is the same as what was sent at the sender's end, i.e. it has not been changed or altered in the middle.

How does HTTPS work?


  1. The browser initiates a connection with the server
  2. The server responds with a public key (through its SSL certificate), while the private key is kept on the server itself
  3. The browser generates a random encryption key (session key) and encrypts it with the public key
  4. The browser sends the encrypted session key to the server
  5. The server receives the encrypted session key and decrypts it using its private key, to get the original session key
  6. Now, both the browser and the server have the same session key, which they can use to encrypt and decrypt the data
  7. The session key expires when the connection terminates
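
Steps 2 to 6 can be reproduced on the command line with openssl alone. The script below is an added illustration, not part of the original post; the file names, the temporary directory and the sample message are constructed for the demo.

```shell
#!/bin/sh
# Added illustration of steps 2-6 above: transporting a session key with RSA.
# All file names and the sample message are constructed for this demo.

# Print a binary file as one continuous hex string.
hex_of() { od -An -v -tx1 "$1" | tr -d ' \n'; }

session_key_exchange() {
    w=$(mktemp -d) || return 1

    # Step 2: the server owns a key pair and hands out only the public half.
    openssl genrsa -out "$w/server.key" 2048 2>/dev/null
    openssl rsa -in "$w/server.key" -pubout -out "$w/server.pub" 2>/dev/null

    # Step 3: the browser creates a random 256-bit session key and
    # encrypts it with the server's public key (OAEP padding).
    openssl rand -out "$w/session.bin" 32
    openssl pkeyutl -encrypt -pubin -inkey "$w/server.pub" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$w/session.bin" -out "$w/session.enc"

    # Steps 4-5: only session.enc crosses the wire; the server recovers
    # the session key with its private key.
    openssl pkeyutl -decrypt -inkey "$w/server.key" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$w/session.enc" -out "$w/session.dec"

    # Step 6: the browser encrypts with its copy of the session key and
    # the server decrypts with the copy it recovered.
    iv=$(openssl rand -hex 16)
    printf 'hello from the browser' |
        openssl enc -aes-256-cbc -K "$(hex_of "$w/session.bin")" \
            -iv "$iv" -out "$w/msg.enc"
    plain=$(openssl enc -d -aes-256-cbc -K "$(hex_of "$w/session.dec")" \
        -iv "$iv" -in "$w/msg.enc")

    rm -rf "$w"
    printf '%s\n' "$plain"
}

session_key_exchange
```

This models the RSA key transport the steps describe; TLS 1.3 no longer uses it and derives session keys with ephemeral Diffie-Hellman instead.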

This article explains how to generate a private key and a CSR (certificate signing request) on Linux using
the OpenSSL command, in order to obtain an SSL certificate signed by a Certificate Authority (CA). The CSR file
is submitted to the CA to complete the order process for the signed SSL certificate. You can get cheap SSL
certificates at cheapsslshop.com.

Perform the following steps to generate a private key and a CSR for a CA-signed certificate in Linux using the 'openssl' command:

1. Generate a private key


Log in to your Linux server and execute the following openssl command:

openssl genrsa -des3 -out example.key 2048

Output:

# openssl genrsa -des3 -out example.key 2048
Generating RSA private key, 2048 bit long modulus
...................................................+++
.......+++
e is 65537 (0x10001)
Enter pass phrase for example.key:
Verifying - Enter pass phrase for example.key:

It will create a file example.key, which is the private key. Let's look at the contents of this file.

# cat example.key 
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,5B72B5B1A445E6DD
...
-----END RSA PRIVATE KEY-----

2. Generate a Certificate Signing Request (CSR)


Command:

openssl req -new -out example.csr -key example.key

Output:

# openssl req -new -out example.csr -key example.key 
Enter pass phrase for example.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:MH
Locality Name (eg, city) []:MUMBAI
Organization Name (eg, company) [Internet Widgits Pty Ltd]:EXAMPLE
Organizational Unit Name (eg, section) []:TESTUNIT
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:user@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:      
An optional company name []:EXAMPLE

It will create a file example.csr, which is the CSR. Its contents will look like this:

-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----

Conversions using openssl

1. Convert crt to pem


Command:

openssl x509 -in example.crt -out example.pem -outform PEM

This will generate a file example.pem whose contents are the same as those of example.crt. So, effectively, it just copies the example.crt file as example.pem.

2. Convert to p12


This requires the example.crt file to be converted to example.pem, and you know how to do it :)

Command:

openssl pkcs12 -export -out example.p12 -in example.pem -inkey example.key 

Output:

# openssl pkcs12 -export -out example.p12 -in example.pem -inkey example.key 
Enter pass phrase for example.key:
Enter Export Password:
Verifying - Enter Export Password:

3. Extracting key from p12 file


Command:

openssl pkcs12 -in example.p12 -nocerts -out example2.key

Output:

# openssl pkcs12 -in example.p12 -nocerts -out example2.key
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

This generates a key example2.key from the p12 file.

4. Extracting crt from p12 file


Command:

openssl pkcs12 -in example.p12 -clcerts -nokeys -out example2.crt

Output:

# openssl pkcs12 -in example.p12 -clcerts -nokeys -out example2.crt
Enter Import Password:
MAC verified OK

It generates a crt file example2.crt whose contents can be displayed:

Bag Attributes
    localKeyID: 6C B6 C7 C8 85 56 86 38 46 A8 C9 27 0F 7A 72 8D A8 D5 C7 CF 
subject=/C=IN/ST=MH/L=MUMBAI/O=EXAMPLE/OU=TESTUNIT/CN=example.com/emailAddress=user@example.com
issuer=/C=IN/ST=MH/L=MUMBAI/O=EXAMPLE/OU=TESTUNIT/CN=example.com/emailAddress=user@example.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Verification with openssl

1. Verify a private key


Command:

openssl rsa -in example.key -check

Output:

# openssl rsa -in example.key -check
Enter pass phrase for example.key:
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

2. Verify a certificate


Command:

openssl x509 -in example.crt -noout -text

Output:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 11057131978596764582 (0x9972d2f38adf4ba6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=IN, ST=MH, L=MUMBAI, O=EXAMPLE, OU=TESTUNIT, CN=example.com/emailAddress=user@example.com
        Validity
            Not Before: Aug  2 15:24:22 2018 GMT
            Not After : Aug  2 15:24:22 2019 GMT
        Subject: C=IN, ST=MH, L=MUMBAI, O=EXAMPLE, OU=TESTUNIT, CN=example.com/emailAddress=user@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption

3. Verify a CSR


Command:

openssl req -in example.csr -noout -text -verify

Output:

# openssl req -in example.csr -noout -text -verify
verify OK
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=IN, ST=MH, L=MUMBAI, O=EXAMPLE, OU=TESTUNIT, CN=example.com/emailAddress=user@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
...
...

4. Verify a pem file


Command:

openssl pkcs12 -in example.p12 -info

Output:


# openssl pkcs12 -in example.p12 -info
Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
    localKeyID: 6C B6 C7 C8 85 56 86 38 46 A8 C9 27 0F 7A 72 8D A8 D5 C7 CF 
subject=/C=IN/ST=MH/L=MUMBAI/O=EXAMPLE/OU=TESTUNIT/CN=example.com/emailAddress=user@example.com
issuer=/C=IN/ST=MH/L=MUMBAI/O=EXAMPLE/OU=TESTUNIT/CN=example.com/emailAddress=user@example.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Bag Attributes
    localKeyID: 6C B6 C7 C8 85 56 86 38 46 A8 C9 27 0F 7A 72 8D A8 D5 C7 CF 
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
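
The verification commands above inspect each file on its own. Before installing a certificate it is also worth checking that the private key, the CSR and the certificate all carry the same public key. The script below is an added example, not part of the original post; it assumes keys without a pass phrase and a self-signed certificate so that it runs unattended, and the function names are made up for the demo.

```shell
#!/bin/sh
# Added check: do a private key, a CSR and a certificate share one public key?
# Demo keys are generated without a pass phrase (assumption) to run unattended.

# Print the PEM public key contained in a key, CSR or certificate file.
pubkey_pem() {
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac
}

# Print the SHA-256 of that public key; fail if the file cannot be parsed,
# so two unreadable files never compare as equal.
pubkey_fp() {
    pem=$(pubkey_pem "$1" "$2" 2>/dev/null) && [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

# Usage: same_keypair KEY CSR CRT  -> prints "match" or "mismatch".
same_keypair() {
    if k=$(pubkey_fp key "$1") && r=$(pubkey_fp csr "$2") &&
       c=$(pubkey_fp crt "$3") && [ "$k" = "$r" ] && [ "$k" = "$c" ]; then
        echo match
    else
        echo mismatch
    fi
}

keypair_demo() {
    d=$(mktemp -d) || return 1
    subj="/C=IN/ST=MH/L=MUMBAI/O=EXAMPLE/OU=TESTUNIT/CN=example.com"
    openssl genrsa -out "$d/example.key" 2048 2>/dev/null
    openssl req -new -key "$d/example.key" -subj "$subj" -out "$d/example.csr"
    openssl x509 -req -in "$d/example.csr" -signkey "$d/example.key" \
        -days 365 -out "$d/example.crt" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null   # unrelated key
    good=$(same_keypair "$d/example.key" "$d/example.csr" "$d/example.crt")
    bad=$(same_keypair "$d/other.key" "$d/example.csr" "$d/example.crt")
    rm -rf "$d"
    echo "$good $bad"
}

keypair_demo
```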

