How to verify Key, CSR and Certificate match
openssl x509 -noout -modulus -in vettom.crt | openssl md5 #Hash of cert
openssl rsa -noout -modulus -in vettom.key | openssl md5 #Hash of Key
openssl req -noout -modulus -in vettom.csr | openssl md5 #Hash of csr
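The modulus comparison above only applies to RSA keys. As an added example (not part of the original page), the script below compares the SHA-256 of the full public key in the key, CSR and certificate, so it also covers EC keys. The function names and the throwaway files built by make_sample are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# pub_fingerprint KIND FILE: print SHA-256 of the DER-encoded public key.
pub_fingerprint() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    # An unreadable file must not silently hash to the digest of empty input.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# keys_match KEY CSR CERT: exit 0 only if all three carry the same public key,
# 1 on a mismatch, 2 if a file cannot be parsed.
keys_match() {
    k=$(pub_fingerprint key "$1")  || { echo "cannot read key: $1" >&2; return 2; }
    r=$(pub_fingerprint csr "$2")  || { echo "cannot read CSR: $2" >&2; return 2; }
    c=$(pub_fingerprint cert "$3") || { echo "cannot read certificate: $3" >&2; return 2; }
    printf 'key  %s\ncsr  %s\ncert %s\n' "$k" "$r" "$c"
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# make_sample DIR TYPE: build a constructed, throwaway key/CSR/cert set in DIR.
# TYPE is "rsa" or "ec"; the subject is a placeholder.
make_sample() {
    if [ "$2" = ec ]; then
        openssl ecparam -name prime256v1 -genkey -noout -out "$1/sample.key"
    else
        openssl genrsa -out "$1/sample.key" 2048
    fi 2>/dev/null
    openssl req -new -key "$1/sample.key" -subj "/CN=www.sample.com" \
        -out "$1/sample.csr" &&
    openssl x509 -req -in "$1/sample.csr" -signkey "$1/sample.key" -days 1 \
        -out "$1/sample.crt" 2>/dev/null
}

# Usage: keys_match vettom.key vettom.csr vettom.crt && echo "all three match"
```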
OpenSSL: generate SAN certificate request
Create a sample.cnf file with the necessary data
cat > sample.cnf << EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
C=GB
ST=London
L=London
O=AVettom PLC
CN = www.sample.com
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = *.sample.com
DNS.2 = anotherdomain.com
EOF
Create CSR using the configuration file
openssl req -new -sha256 -nodes -out sample.csr -newkey rsa:2048 \
-keyout sample.key -config sample.cnf
Generate self-signed certificate
openssl req -newkey rsa:2048 -nodes -keyout vettom.key \
-x509 -days 365 -out vettom.crt
Print Certificate/csr information
openssl req -in sample.csr -text -noout
openssl x509 -in vettom.crt -text -noout
Check certificate using openssl
openssl s_client -showcerts -connect domain.com:443
PFX file extract Private and Public key
openssl pkcs12 -info -in cert.pfx
Export the private key from Pfx:
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
Export certificate from Pfx
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
Remove the passphrase from the private key (only needed when the key was exported without -nodes, which already writes it unencrypted):
openssl rsa -in key.pem -out server.key
Creating pfx file with chain
Prepare the private key, certificate and chain in PEM format
openssl pkcs12 -export -out newpfxcert.pfx -inkey private.key -in cert.cer \
-certfile chain.cer