kesto.de Cheatsheets

OpenSSL

Create self-signed certificate

openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/name.pem -keyout /etc/ssl/private/name.key

Display certificate fingerprint

openssl x509 -sha1 -in /etc/ssl/certs/name.pem -noout -fingerprint

Display expiry date

openssl x509 -enddate -noout -in /etc/ssl/certs/name.pem

Inspect PKCS12 key store

openssl pkcs12 -info -in example.p12 -noenc

Start SMTP TLS connection:

openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -starttls smtp -connect mail.example.org:25