Check a CSR to see what parameters were used when it was generated:
# openssl req -in domain.csr -noout -text
You can easily get the SSL certificate of a website from the command line. To get the whole thing in text form:
# echo "quit" | openssl s_client -connect $1:443 2>/dev/null | openssl x509 -noout -text
# (long output)
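Individual attributes can also be checked. Get some useful info by using the -issuer or -enddate flags. The cut fields below assume the old one-line /C=.../O=... name format, which -nameopt compat selects on newer OpenSSL versions:
# echo "quit" | openssl s_client -connect godaddy.com:443 2>/dev/null | openssl x509 -noout -issuer -nameopt compat | cut -d '/' -f 5 | cut -d "=" -f2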
GoDaddy.com, Inc.
#
#
# echo "quit" | openssl s_client -connect godaddy.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d "=" -f2
Nov 12 19:07:30 2014 GMT
#
To verify an SSL cert/key pair, make sure the modulus matches:
# diff <(openssl rsa -in fordodone.com.key -modulus -noout ) <(openssl x509 -in fordodone.com.crt -modulus -noout)
No output means the key and cert are a pair.
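The modulus comparison only applies to RSA keys. The script below is an added example, not part of the original page: it goes one step further and compares the public key itself, so the same check works for EC keys and for CSRs. The function names, file names and the example.test subject are assumptions made for the illustration, and the keys are throwaway ones generated on the spot.

```bash
#!/usr/bin/env bash
# Added example: compare public keys rather than RSA moduli, so EC keys and CSRs work too.

# pub_hash <key|crt|csr> <file>: SHA-256 of the DER-encoded public key, status 2 if unreadable.
pub_hash() {
    case "$1" in
        key) _pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        crt) _pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr) _pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac
    # An empty result means the file was missing or unparsable; never hash that,
    # or two broken files would "match" each other.
    [ -n "$_pem" ] || return 2
    printf '%s\n' "$_pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# pair_matches <type> <file> <type> <file>: 0 = same key, 1 = different, 2 = error.
pair_matches() {
    _a=$(pub_hash "$1" "$2") || return 2
    _b=$(pub_hash "$3" "$4") || return 2
    [ "$_a" = "$_b" ]
}

# Constructed sample material: throwaway keys in a temp dir (file names are hypothetical).
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
openssl genrsa -out "$work/rsa.key" 2048 2>/dev/null
openssl ecparam -name prime256v1 -genkey -noout -out "$work/ec.key"
openssl req -new -key "$work/rsa.key" -subj "/CN=example.test" -out "$work/rsa.csr"
openssl req -new -x509 -key "$work/rsa.key" -subj "/CN=example.test" -days 1 -out "$work/rsa.crt"
openssl req -new -x509 -key "$work/ec.key" -subj "/CN=example.test" -days 1 -out "$work/ec.crt"

report() {
    pair_matches "$2" "$3" "$4" "$5"
    case $? in
        0) echo "$1: match" ;;
        1) echo "$1: MISMATCH" ;;
        *) echo "$1: error reading input" ;;
    esac
}
report "RSA key vs its cert" key "$work/rsa.key" crt "$work/rsa.crt"
report "RSA key vs its CSR"  key "$work/rsa.key" csr "$work/rsa.csr"
report "EC key vs its cert"  key "$work/ec.key"  crt "$work/ec.crt"
report "RSA key vs EC cert"  key "$work/rsa.key" crt "$work/ec.crt"
report "missing key file"    key "$work/none.key" crt "$work/rsa.crt"
```

Unlike the diff one-liner, which also prints nothing when both files are unreadable, this check returns a distinct error status for a missing or unparsable input.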
First, generate a new 2048-bit key:
# openssl genrsa -out fordodone.com.key 2048
I choose not to encrypt the key, because when reloading 240 Apache servers, I don’t want to have to enter the passphrase each time. Now we use our key to generate a Certificate Signing Request.
# openssl req -new -key fordodone.com.key -out fordodone.com.csr
To inspect the CSR:
# openssl req -in fordodone.com.csr -noout -text
Now you can sign your own cert, or upload/paste the CSR to a third-party provider to issue an official SSL certificate.