OpenSSL Cheat Sheet

I know I know, there are plenty of openssl cheat sheets out there already. But as I keep googling again and again to find the most useful openssl commands, I decided to do my own – the first version of the blog entries is already 3 years old actually. Another reason for creating the list is that I remember things better when I am writing them down.

Show contents of a certificate

openssl x509 -fingerprint -sha256 -noout -text -in

Show contents of a certificate request (CSR)

openssl req -text -noout -verify -in CSR.csr

OpenSSL HTTPS Client with SNI

openssl s_client -connect -servername

Generate a CSR to send to an external CA

openssl req -new -newkey rsa:2048 -sha256 -nodes -out  -keyout  -subj "/C=US/ST=NY/L=NY/O=Roman Pertl/OU=Hostmaster/"

Generate a Self-Signed SSL Certificate

openssl req -x509 -nodes -days 365 -newkey rsa:4096 -sha256 -keyout -out -subj "/C=AT/ST=Korneuburg/L=Korneuburg/O=Pertl/OU=Hostmaster/CN=*"

Newer versions of browsers, e.g. Chrome, require the DNS subjectAltName attribute to be set instead of, or in addition to, the CN field:

openssl req -x509 -nodes -days 365 -newkey rsa:4096 -sha256 -reqexts SAN -extensions SAN -config <(cat /System/Library/OpenSSL/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:*')) -keyout -out -subj "/C=AT/ST=Korneuburg/L=Korneuburg/O=Pertl/OU=Hostmaster/CN=*"
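
A portable variant of the command above, as an added example that is not from the original post: it writes a minimal config to a directory you pass in instead of reading /System/Library/OpenSSL/openssl.cnf (a macOS path), then checks that the SAN really ended up in the certificate. The host name in the usage comment, the function names and the file names are assumptions.

```shell
# Added example, not the post's own code. Names below are assumptions.

make_san_cert() {
    # $1 = DNS name, $2 = output directory, $3 = RSA key size (default 4096)
    name=$1
    dir=$2
    bits=${3:-4096}
    # Minimal standalone config, so no system openssl.cnf is required.
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = SAN
prompt = no
[dn]
CN = $name
[SAN]
subjectAltName = DNS:$name
EOF
    # umask 077 keeps the unencrypted (-nodes) private key owner-readable only.
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey "rsa:$bits" -sha256 \
          -config "$dir/san.cnf" \
          -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null )
}

cert_has_san() {
    # $1 = certificate file, $2 = DNS name expected in subjectAltName
    # Split the "DNS:a, DNS:b" line into one entry per line and match the
    # whole entry, so a longer name with the same prefix does not pass.
    openssl x509 -noout -text -in "$1" \
        | tr ',' '\n' \
        | sed 's/^ *//; s/ *$//' \
        | grep -Fxq "DNS:$2"
}

# Usage (constructed host name):
#   d=$(mktemp -d)
#   make_san_cert test.example.internal "$d"
#   cert_has_san "$d/server.crt" test.example.internal && echo "SAN present"
```
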

Generate a Self-Signed CA Root Certificate

openssl req -nodes -newkey rsa:4096 -x509 -sha256 -days 3650 -keyout rootCA.key -reqexts v3_req -extensions v3_ca -out rootCA.crt -subj "/C=AT/ST=Korneuburg/L=Korneuburg/O=Pertl/OU=Hostmaster/CN=pertl CA"

Generate custom dh param file

openssl dhparam -out 4096

Quickly create a (swap)file on linux

The traditional way for creating a linux swapfile would be using dd to create an empty file e.g.

dd if=/dev/zero of=/swapfile1 bs=1M count=2048

A faster way is to use “fallocate” e.g.

fallocate -l 2G /swapfile1

Don’t forget the usual procedure for swapfiles:

chmod 0600 /swapfile1
chown root:root /swapfile1
mkswap /swapfile1
swapon /swapfile1
# edit /etc/fstab to add the swapfile during boot

Running “backticks” commands on remote servers

Sometimes it’s necessary to run a complex command on a remote server which also includes some “backticks”. Usually these commands are interpreted by the local shell so you need to use a little trick to force execution on the remote server:

ssh '( echo `echo "This Command is run on the remote server" ` )'

You need to use single quotes combined with brackets to use the backtick on the remote server.