Usefull OpenSSL Commands
Match Your SSL & Private Key Pairs
If you're renewing your SSL certificate or are managing multiple SSL certificates, you might get confused. Therefore, you must verify which CSR or Private Key belongs to which certificate. You can easily do that on your computer by running OpenSSL commands below
openssl pkey -in privateKey.key -pubout -outform pem | sha256sum
openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum
openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum
Convert SSL
OpenSSL Commands to Convert SSL/TLS Certificates on Your Machine
Sometimes, itβs necessary for you to convert SSL certificate file format. The following series of OpenSSL commands allows you to convert SSL certificate in various formats on your own machine.
OpenSSL commands to Convert PEM file
Convert PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
Convert PEM to P7B
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer
Convert PEM to PFX
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
OpenSSL commands to Convert DER file
Convert DER to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
OpenSSL commands to Convert P7B file
Convert P7B to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
Convert P7B to PFX
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer
OpenSSL commands to Convert PFX file
Convert PFX to PEM
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes