Removing the password from a key:
openssl rsa -in CertificateNameWithPassword.key -out CertificateNameNoPassword.key
Checking the certificate key information:
openssl rsa -noout -text -in senhasegura.dominio.com.br.key
For automatic redirection from HTTP to HTTPS, uncomment the /etc/nginx/sites-enabled/senhasegura file:
if ($remote_addr != '127.0.0.1') {
return 301 https://$http_host$request_uri
}
Verifying subscription request information:
openssl req -noout -text -in senhasegura.dominio.com.br.csr
Commands for Testing Certificates
openssl rsa -noout -text -in certificate.key
openssl req -noout -text -in certificate.csr
openssl x509 -noout -text -in certificate.crt
Check do MD5 checksum:
Use to validate that the certificate matches the key.
Remark: The command output must be the same in both commands.
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in certificate.key | openssl md5
openssl req -noout -modulus -in certificate.csr | openssl md5
Certificate Bundle:
cat certificado.crt bundle.ca-bundle >> certificado-bundle.crt
Certificate conversion
x509 to PEM:
# openssl x509 -in certificate.cer -outform PEM -out certificate.pem
PEM to DER:
# openssl x509 -outform der -in certificatename.pem -out certificatename.der
DER to PEM:
# openssl x509 -inform der -in certificatename.der -out certificatename.pem
PEM to P7B:
# openssl crl2pkcs7 -nocrl -certfile certificatename.pem -out certificatename.p7b -certfile CACert.cer
PKCS7 to PEM:
# openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.pem
PFX to PEM:
# openssl pkcs12 -in certificatename.pfx -out certificatename.pem
PFX to PKCS:
Convert PFX to PEM
# openssl pkcs12 -in certificatename.pfx -nocerts -nodes -out certificatename.pem
Convert PEM to PKCS8
# openSSL pkcs8 -in certificatename.pem -topk8 -nocrypt -out certificatename.pk8
P7B to PFX:
Convert P7B to CER
# openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer
Convert CER and private key to PFX
# openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer
PEM to CER:
openssl x509 -inform PEM -in cacert.pem -outform DER -out certificate.cer
CER to CRT:
openssl x509 -inform DER -in certificate.cer -out certificate.crt
PEM to KEY
openssl rsa -in certificatename.pem -out certificatename.key