OpenSSL Cheat Sheet

Basics

General commands to analyze a certificate.

Test a TLS connection

openssl s_client -connect example.net:443

Get the certificate from a web endpoint

openssl s_client -showcerts -connect example.net:443 

Check whether the private key of a certificate, key and CSR match

openssl rsa -noout -modulus -in example.key | openssl sha256
openssl x509 -noout -modulus -in example.crt | openssl sha256
openssl req -noout -modulus -in example.csr | openssl sha256


Handling keys

Decrypt a RSA private key

openssl rsa -in   -out