OPENSSL Commands Cheatsheet — Essential Reference
OpenSSL is a robust, commercial-grade, full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library, providing a wide range of cryptographic functions.
Commands
| Command | Description | Example |
|---|---|---|
| `openssl genrsa` | Generates a new RSA private key. | `openssl genrsa -out private.key 2048` |
| `openssl rsa` | Manages RSA private keys, including extracting public keys. | `openssl rsa -in private.key -pubout -out public.key` |
| `openssl req` | Generates a Certificate Signing Request (CSR) from a private key. | `openssl req -new -key private.key -out server.csr -subj "/C=US/ST=NY/L=New York/O=Example Corp/CN=example.com"` |
| `openssl x509` | Manages X.509 certificates, including self-signing and viewing details. | `openssl x509 -req -in server.csr -signkey private.key -out server.crt -days 365` |
| `openssl pkcs12` | Creates or parses PKCS#12 files (often .pfx or .p12), which bundle private keys and certificates. | `openssl pkcs12 -export -out certificate.pfx -inkey private.key -in server.crt -certfile ca.crt` |
| `openssl s_client` | Connects to a remote host using SSL/TLS and displays certificate information. | `openssl s_client -connect google.com:443 -showcerts` |
| `openssl dgst` | Computes message digests (hashes) of files. | `openssl dgst -sha256 -binary file.txt \| openssl enc -base64` |
| `openssl enc` | Encrypts and decrypts files using various ciphers. | `openssl enc -aes256 -salt -in plaintext.txt -out encrypted.enc -pass pass:mysecretpassword` |
Pro Tips
- Always use strong passwords for private keys and PKCS#12 files.
- When generating keys, prefer higher bit lengths (e.g., 2048 or 4096 for RSA).
- Use `openssl verify` to check the validity of a certificate chain.
- For debugging SSL/TLS connections, `s_client` with `-debug` or `-state` can be very helpful.
- Be mindful of the output format; `-outform PEM` or `-outform DER` are common options.
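The `openssl verify` tip above, worked through as an added example (not part of the original cheatsheet): a throwaway CA signs a CSR for `example.com`, the chain is checked against the issuing CA and against an unrelated one, and the private key is compared with the certificate's public key. The function names, file names, inline CA config and one-day validity are assumptions made for illustration.

```bash
# Added example; file names, subjects and the 1-day lifetime are constructed.
# make_ca DIR NAME: self-signed CA (NAME.key, NAME.crt) marked CA:TRUE
make_ca() {
  cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Corp
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
  openssl req -new -x509 -config "$1/$2.cnf" -key "$1/$2.key" \
    -out "$1/$2.crt" -days 1 2>/dev/null
}

# make_leaf DIR CA: key and CSR for example.com, signed by CA (not -signkey)
make_leaf() {
  openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
  openssl req -new -config "$1/$2.cnf" -key "$1/server.key" \
    -subj "/C=US/ST=NY/L=New York/O=Example Corp/CN=example.com" \
    -out "$1/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/server.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -out "$1/server.crt" -days 1 2>/dev/null
}

# chain_ok CAFILE CERT: succeeds if CERT verifies with CAFILE as the CA bundle
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches KEY CERT: succeeds only if both yield the same public key
key_matches() {
  local k c
  k=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

d=$(mktemp -d)
make_ca "$d" ca && make_ca "$d" other && make_leaf "$d" ca
chain_ok "$d/ca.crt" "$d/server.crt" && echo "issuing CA: chain verifies"
chain_ok "$d/other.crt" "$d/server.crt" || echo "unrelated CA: chain rejected"
key_matches "$d/server.key" "$d/server.crt" && echo "key matches certificate"
rm -rf "$d"
```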
Frequently Asked Questions
What is openssl used for?
OpenSSL is primarily used for generating and managing cryptographic keys, certificates, and Certificate Signing Requests (CSRs). It's also used for encrypting/decrypting data, computing hashes, and establishing secure network connections (SSL/TLS).
How do I install openssl?
OpenSSL is typically pre-installed on most Linux and macOS systems. On Debian/Ubuntu, you can install it with `sudo apt-get install openssl`. On macOS, it's available via Homebrew: `brew install openssl`. For Windows, you can download pre-compiled binaries from various sources or use a package manager like Chocolatey (`choco install openssl`).