Useful commands to generate or convert certificates and password keys

F.A.Q
1

Removing the password from a key:

openssl rsa -in CertificateNameWithPassword.key -out CertificateNameNoPassword.key

Checking the certificate key information:

openssl rsa -noout -text -in senhasegura.dominio.com.br.key

For automatic redirection from HTTP to HTTPS, uncomment the /etc/nginx/sites-enabled/senhasegura file:

if ($remote_addr != '127.0.0.1') {
return 301 https://$http_host$request_uri
}

Verifying subscription request information:

openssl req -noout -text -in senhasegura.dominio.com.br.csr

Commands for Testing Certificates

openssl rsa -noout -text -in certificate.key
openssl req -noout -text -in certificate.csr
openssl x509 -noout -text -in certificate.crt

Check do MD5 checksum:

Use to validate that the certificate matches the key.

Remark: The command output must be the same in both commands.

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in certificate.key | openssl md5
openssl req -noout -modulus -in certificate.csr | openssl md5

Certificate Bundle:

cat certificado.crt bundle.ca-bundle >> certificado-bundle.crt

Certificate conversion

x509 to PEM:

# openssl x509 -in certificate.cer -outform PEM -out certificate.pem

PEM to DER:

# openssl x509 -outform der -in certificatename.pem -out certificatename.der

DER to PEM:

# openssl x509 -inform der -in certificatename.der -out certificatename.pem

PEM to P7B:

# openssl crl2pkcs7 -nocrl -certfile certificatename.pem -out certificatename.p7b -certfile CACert.cer

PKCS7 to PEM:

# openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.pem

PFX to PEM:

# openssl pkcs12 -in certificatename.pfx -out certificatename.pem

PFX to PKCS:

Convert PFX to PEM

# openssl pkcs12 -in certificatename.pfx -nocerts -nodes -out certificatename.pem

Convert PEM to PKCS8

# openSSL pkcs8 -in certificatename.pem -topk8 -nocrypt -out certificatename.pk8

P7B to PFX:

Convert P7B to CER

# openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer

Convert CER and private key to PFX

# openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer

PEM to CER:

openssl x509 -inform PEM -in cacert.pem -outform DER -out certificate.cer

CER to CRT:

openssl x509 -inform DER -in certificate.cer -out certificate.crt

PEM to KEY

openssl rsa -in certificatename.pem -out certificatename.key