openssl flags & options

s_client

Connect to a server and display its TLS certificate.

openssl s_client -connect example.com:443

openssl s_client -connect example.com:443 -servername example.com

req

Create certificate signing requests and self-signed certs.

openssl req -new -key server.key -out server.csr

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

x509

Display and manipulate X.509 certificates.

openssl x509 -in cert.pem -text -noout

openssl x509 -in cert.pem -enddate -noout

genrsa

Generate an RSA private key.

openssl genrsa -out private.key 4096

openssl genrsa -aes256 -out private.key 4096

enc

Encrypt or decrypt files with symmetric ciphers.

openssl enc -aes-256-cbc -salt -in file.txt -out file.enc

openssl enc -d -aes-256-cbc -in file.enc -out file.txt

dgst

Compute message digests and signatures.

openssl dgst -sha256 file.txt

openssl dgst -sha256 -sign private.key -out sig.bin file.txt

rand

Generate cryptographically secure random bytes.

openssl rand -hex 32

openssl rand -base64 24

verify

Verify a certificate against a CA bundle.

openssl verify -CAfile ca-bundle.crt cert.pem