Welcome to the ultimate OpenSSL certificate guide
OpenSSL is an open source toolkit for implementing the SSL and TLS protocols as well as a general cryptography toolkit. It offers a variety of commands for generating and managing certificates, private keys and other cryptographic elements. This article presents the most common OpenSSL commands with corresponding examples.
The article contains both the older and the new commands (OpenSSL ≥ 3.0). The new commands are recommended in newer OpenSSL versions, especially if you need to work with different algorithms (e.g. elliptic curve keys, DSA keys, etc.).
Further reading:
- BSI - Technical Guideline TR-02102-1 - Cryptographic methods: Recommendations and key lengths - Part 1 (German)
- BSI - Technical Guideline TR-02102-2 - Cryptographic methods: Recommendations and key lengths - Part 2: Use of Transport Layer Security (German)
- BSI - Technical Guideline TR-02102-3 - Cryptographic methods: Recommendations and key lengths - Part 3: Use of Internet Protocol Security (IPSec) and Internet Key Exchange (IKEv2) (German)
- BSI - Technical Guideline TR-02102-4 - Cryptographic methods: Recommendations and key lengths - Part 4: Use of Secure Shell (SSH) (German)
- BSI TR-03111 Elliptic Curve Cryptography (ECC) (English)
OpenSSL
All commands etc. presented in this OpenSSL certificate manual are carried out with OpenSSL, a free software for TLS (then SSL). We recommend using the latest version. At the time of writing this article, this is version 3.3.2, which was released on 03.09.2024. If you already have OpenSSL installed, you can easily check the version:
openssl version
Issue:
OpenSSL 3.3.2 3 Sep 2024 (Library: OpenSSL 3.3.2 3 Sep 2024)
If you have not yet installed OpenSSL, you can obtain it from the following sites:
Windows: https://slproweb.com/products/Win32OpenSSL.html*
Linux: https://openssl-library.org/source/index.html or via the package manager of your distribution (APT, YUM etc.)
GitHub: https://github.com/openssl/openssl
Of course, you can also compile your own build under Linux using make, but we will not go into this in this article.
* This is not the official OpenSSL website, as OpenSSL itself does not provide precompiled packages for Windows.
Certificate types
SSL/TLS
SSL/TLS certificates are used to enable secure connections (HTTPS) between a web browser (client) and a web server. They guarantee encryption and authentication to ensure that communication is secure and trustworthy.
Certificates differ firstly in the way in which validation is carried out:
- Domain Validated (DV): This certificate only validates the domain. It checks whether the applicant has control over the domain, but does not require a deeper identity check. Validation is usually carried out by replying to an e-mail sent by the certification authority to admin@, administrator@, hostmaster@ or postmaster@. Alternatively, a TXT entry specified by the certification authority can be set in the DNS. It is one of the most commonly used certificates, especially for small websites.
- Organization Validated (OV): In contrast to the DV certificate, the identity of the organization is also checked. This is done by submitting an extract from the commercial register.
- Extended Validation (EV): These certificates are subject to a strict review. Applicants must fulfill criteria such as: Domain, domain owner, identity, postal address, legal status, operational existence. EV certificates are available for large companies, banks, registered associations and public authorities.
Furthermore, there are different types of SSL/TLS certificates (most of these types can be obtained as DV, OV or EV):
- Single certificate: This certificate secures a single domain, e.g. it-tech.wiki. The www. subdomain is often also secured free of charge.
- Multidomain certificates (MDC): Several domains, so-called SANs (Subject Alternative Names), can be secured here. Up to 100 different domains and subdomains can be specified.
- Unified Communication (UC) certificates: This is a special version of multidomain certificates. It was originally designed for Microsoft Exchange and Microsoft Office Communication Server.
- Wildcard certificates: A wildcard certificate can secure any number of subdomains of a level. This means, for example, that you can secure forum.it-tech.wiki, blog.it-tech.wiki, store.it-tech.wiki etc., but not de.blog.it-tech.wiki or static.cdn.it-tech.wiki. Even the domain itself, it-tech.wiki, is not technically part of this. However, some certification authorities often offer a second SAN free of charge, so that it-tech.wiki can also be secured with the wildcard certificate in addition to *.it-tech.wiki. Multi-level wildcard certificates (*.*.it-tech.wiki) are not available (although some browsers have support for this on board).
- Multidomain wildcard certificates: As the name suggests, this certificate offers the advantages of a wildcard certificate paired with those of a multidomain certificate. These generally secure the TLDs, i.e. it-tech.wiki and e.g. it-tech.store, but also all subdomains of the second level, e.g. de.it-tech.wiki, cdn.it-tech.wiki, mail.it-tech.store, support.it-tech.store etc.
E-mail certificates (S/MIME)
S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates are used to sign and encrypt emails. The digital signature guarantees the authenticity and integrity of the email, i.e. ensures that it has not been tampered with. Encryption also ensures that only the addressed recipient can decrypt and read the message.
There are also different forms of validation for e-mail certificates:
- E-mail validated (DV): This variant only checks whether the applicant has access to the e-mail address, e.g. by calling up a link sent to the e-mail address or entering a code received at the certification authority.
- Individual Validated (IV): Like DV certificates, but the name of the applicant is also included in the certificate. The identity of the applicant is verified with an official ID document and, if necessary, video verification.
- Organization validated (OV): The validation process corresponds to that of an organization-validated SSL/TLS certificate. In addition to the person, the organization (extract from the commercial register, tax documents, etc.) is also checked.
Further certificates
There are also many other formats, e.g. code signing certificates to create software signatures, client certificates to ensure the authentication of users and devices, document signing certificates to digitally sign digital documents (e.g. PDFs) and, of course, intermediate and root certificates. However, we will not go into these in detail in this article.
Certificate formats
Format | Coding | Use | contains private key | contains certificate chain | Password protection | Platform1 | File extension |
---|---|---|---|---|---|---|---|
PEM | Base64 (ASCII) | Certificates, private keys, certificate chains | Yes (if available) | Yes | No | Apache, Nginx, OpenSSL | PEM (CER, CRT), KEY |
THE | Binary | Certificates, private keys | Yes (if available) | Yes | No | Java, Windows | DER (CER, CRT) |
PKCS#7 | Base64 or binary | Certificates, Certificate chains | No | Yes | No | Java, Windows, Exchange | P7B, P7C |
PKCS#12 | Binary | Certificates, private keys | Yes | Yes | Yes | Windows, macOS, Exchange | P12, PFX |
- incomplete list, only exemplary ↩︎
General information
Establishment of a certificate chain
A certificate chain contains several certificates within one file. These are usually in PEM format and have the following format:
-----BEGIN CERTIFICATE-----
... (Zertifikat) ...
------END CERTIFICATE------
-----BEGIN CERTIFICATE-----
...(Zwischenzertifikat) ...
------END CERTIFICATE------
-----BEGIN CERTIFICATE-----
... (Root-Zertifikat) ...
------END CERTIFICATE------
Private keys with RSA
Overview of RSA keys
RSA key | Bit size (key length) | Security level (in bits) | Description |
---|---|---|---|
RSA 1024 | 1024 | ~80 | Unsafe, no longer recommended |
RSA 2048 | 2048 | ~112 | Standard for many applications |
RSA 3072 | 3072 | ~128 | Higher security level |
RSA 4096 | 4096 | ~152 | Very high safety requirements |
RSA 7680 | 7680 | ~192 | Equivalent to the safety of the ECC curve secp384r1 |
RSA 15360 | 15360 | ~256 | Equivalent to the highest security of secp521r1 and brainpoolP512r1 |
Generating a private key with RSA
openssl genpkey -algorithm RSA -out private_key.pem
openssl genrsa -out private.pem
These commands create an RSA key with the standard size of 2048 bits.
Parameters | Meaning |
---|---|
-out | Specifies the file to which the key is written |
-algorithm | Encryption algorithm (RSA, EC, etc.) |
Generate a private key of a specific length with RSA
If you need a key of a different size, you can pass this as a parameter and thus generate a key with a specific length. In the following example, we create a private key with a length of 4096 bits:
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096
openssl genrsa -out private.pem 4096
Parameters | Meaning |
---|---|
-out | Specifies the file to which the key is written |
-algorithm | Encryption algorithm (RSA, EC, etc.) |
-pkeyopt rsa_keygen_bits | The key length in bits (here: 4096 bits) |
Private keys with elliptic curves (ECDSA)
The advantage of elliptic curves are the significantly shorter keys compared to their equivalent RSA keys with the same level of security. This makes them particularly efficient, as less computing power and memory is required for the same level of security.
For keys with elliptical curves, the key length is not defined by specifying the length in bits, as with RSA, but by selecting the corresponding curve.
Overview of the most important elliptical curves
Curve name | Bit size (key length) | Security level (in bits) | Equivalent RSA key length | Description |
---|---|---|---|---|
secp160r1 | 160 | ~80 | 1024 | Used in some older standards |
secp192r1 (prime192v1) | 192 | ~96 | 1536 | Known as NIST P-192, standard curve |
secp224r1 | 224 | ~112 | 2048 | NIST P-224, medium security level |
secp256r1 (prime256v1) | 256 | ~128 | 3081 | NIST P-256, widely used and recommended |
secp384r1 | 384 | ~192 | 7680 | NIST P-384, high security level |
secp521r1 | 521 | ~256 | 15360 | NIST P-521, offers maximum security |
brainpoolP160r1 | 160 | ~80 | 1024 | Brainpool curve for special applications |
brainpoolP192r1 | 192 | ~96 | 1536 | Brainpool alternative to NIST P-192 |
brainpoolP224r1 | 224 | ~112 | 2048 | Brainpool alternative to NIST P-224 |
brainpoolP256r1 | 256 | ~128 | 3072 | Brainpool alternative to NIST P-256 |
brainpoolP320r1 | 320 | ~160 | 5120 | Brainpool for applications with higher requirements |
brainpoolP384r1 | 384 | ~192 | 7680 | Brainpool alternative to NIST P-384 |
brainpoolP512r1 | 512 | ~256 | 15360 | Brainpool for the highest security requirements |
curve25519 | 256 | ~128 | 3072 | Used for modern cryptographic protocols (Schnorr signatures) |
curve25519 | 448 | ~224 | 7680 | Offers greater security than Curve25519 |
List of all supported curve parameters
openssl ecparam -list_curves
Generating a private key with ECDSA
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out private_key_ecdsa.pem
openssl ecparam -genkey -name prime256v1 -out private_key_ecdsa.pem
Parameters | Meaning |
---|---|
-name | Name of the elliptical curve to be used |
-out | Specifies the file to which the key is written |
-algorithm | Encryption algorithm (RSA, EC, etc.) |
-pkeyopt ec_paramgen_curve | Defines the elliptical curve (here: prime256v1) |
Generating a certificate request
Attribute | Meaning |
---|---|
C | Country (Country Name) |
ST | State or province (State) |
L | City or town (Locality) |
O | Organization |
OU | Department (Organization Unit) |
CN | "common name" = domain name (common name) |
DNS.X | Domain name and other SANs (Subject Alternative Names), e.g. subdomains etc. |
CSR with parameters
During execution, you will be asked to enter various information. For the Common Name (CN) query, enter the domain name, e.g. it-tech.wiki or *.it-tech.wiki for a wildcard certificate.
# Generiere einen privaten Schlüssel
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
# Erstelle eine CSR mit interaktiver Eingabe
openssl req -new -key private_key.pem -out request.csr
# Generiere einen privaten Schlüssel
openssl genrsa -out private_key.pem 2048
# Erstelle eine CSR mit interaktiver Eingabe
openssl req -new -key private_key.pem -out request.csr
Parameters | Meaning |
---|---|
-new | Creates a new CSR |
-key | Path and file name of the private key to be used |
-out | Specifies the file to which the CSR is written |
CSR with a configuration file
[req]
prompt = no
distinguished_name = req_distinguished_name
[req_distinguished_name]
C = DE
ST = NRW
L = Duisburg
O = IT-Tech
OU = IT
CN = *.it-tech.wiki
Now use the configuration file to create a private key (if not already available) and the CSR.
# Generiere einen privaten Schlüssel
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
# Erstelle die CSR mit der Konfigurationsdatei
openssl req -new -key private_key.pem -out request.csr -config req.conf
# Generiere einen privaten Schlüssel
openssl genrsa -out private_key.pem 2048
# Erstelle den CSR mit der Konfigurationsdatei
openssl req -new -key private_key.pem -out request.csr -config req.conf
Parameters | Meaning |
---|---|
-new | Creates a new CSR |
-key | Path and file name of the private key to be used |
-out | Specifies the file to which the CSR is written |
-config | Path and file name of the configuration file to be used |
CSR with one configuration file and multiple SANs
[req]
prompt = no
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
C = DE
ST = NRW
L = Duisburg
O = IT-Tech
OU = IT
CN = *.it-tech.wiki
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.it-tech.wiki
DNS.2 = it-tech.wiki
Use the notation *.domain.tld for so-called wildcard certificates. Many certificate providers secure an additional SAN free of charge, in this case it is highly recommended to specify the domain (domain.tld) yourself (see example above).
The command for generating the private key and the CSR are identical to 2.2.
CSR with ECDSA and SANs
# Generiere einen ECDSA-Schlüssel
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out private_key_ecdsa.pem
# Erstelle einen CSR mit der Konfigurationsdatei
openssl req -new -key private_key_ecdsa.pem -out request_ecdsa.csr -config req.conf
# Generiere einen ECDSA-Schlüssel
openssl ecparam -genkey -name prime256v1 -out private_key_ecdsa.pem
# Erstelle einen CSR mit der Konfigurationsdatei
openssl req -new -key private_key_ecdsa.pem -out request_ecdsa.csr -config req.conf
Convert private keys and certificates
PEM to THE
openssl x509 -in cert.pem -outform der -out cert.der
DER to PEM
openssl x509 -in cert.der -inform der -out cert.pem -outform pem
PEM to PKCS12
openssl pkcs12 -export -out cert.p12 -inkey private_key.pem -in cert.pem -certfile chain.pem
The parameter -certfile
for specifying intermediate certificates is optional.
If you also want to include the root certificate, add it to the chain in the chain.pem file.
PKCS12 to PEM
openssl pkcs12 -in cert.p12 -out cert.pem -nodes
Parameters | Meaning |
---|---|
-in | Path and file name of the source certificate |
-inform | Format of the source certificate |
-out | Path and file name in which the new certificate is to be written |
-outform | Target format (der, pem) |
-certfile | Path and file name of intermediate certificates (optional) |
-nodes | The private key should not be encrypted (= No DES) |
Check private keys and certificates
Checking a private key
openssl pkey -in private_key.pem -check
openssl rsa -in private_key.pem -check
Checking a certificate
openssl x509 -in cert.pem -text -noout
Checking a CSR
openssl req -in request.csr -text -noout
Check whether a private key, a certificate and a CSR match
To check whether a private key, a certificate and a CSR match, you can perform a comparison with OpenSSL. This works by comparing the "modulus" of all files. It is important that you use the correct format for each file. The private key must be in PEM format, for example, and the CSR should also be in a standardized format such as PEM.
First you have to check the modulus of the private key:
openssl rsa -noout -modulus -in privkey.pem | openssl md5
Then extract the modulus of the certificate:
openssl x509 -noout -modulus -in cert.pem | openssl md5
Now show the modulus of the CSR:
openssl req -noout -modulus -in request.csr | openssl md5
All three MD5 hashes should be identical if the private key, the certificate and the CSR match. If one of the values is different, then something is wrong.
Signing certificates
Create a self-signed certificate
openssl req -new -x509 -key private_key.pem -out cert.pem -days 365
Parameter name | Meaning |
---|---|
-key | File path and name of the private key to be used |
-out | File path and name for output file (certificate) |
-days | Validity period in days |
Signing a certificate using a CA
openssl x509 -req -in request.csr -CA ca_cert.pem -CAkey ca_key.pem -CAcreateserial -out cert.pem -days 365
Parameter name | Meaning |
---|---|
-in | File containing the CSR |
-CA | Specifies the certificate of the certification authority(Certificate Authority) |
-CAkey | Specifies the private key of the certification authority (CA) to be used for signing |
-CAcreateserial | Creates a file containing the serial number of the issued certificate (default name: ca_cert.srl). It is not possible to omit the parameter. Since the serial number for each certificate must be unique for each issuer, an issuer, in this case you, must keep track of which serial numbers it has used previously to ensure that it does not reuse any. OpenSSL offers you an easy way to track this with the help of a serial number file. |
-out | File path and name for output file (certificate) |
-days | Validity period in days |
Manipulating keys
Extract private key from a PEM file
openssl pkey -in cert_and_key.pem -out private_key.pem
openssl rsa -in cert_and_key.pem -out private_key.pem
Parameter name | Meaning |
---|---|
-in | Certificate file |
-out | File path and name for output file (private key) |
Extract private key from a PFX/P12 file (PKCS12)
openssl pkcs12 -in file.pfx -nocerts -out private_key.pem -nodes
Parameter name | Meaning |
---|---|
-in | Path to the PFX/P12 file whose private key is to be extracted |
-out | Path to the output file in which the extracted private key is written |
-nocerts | Extract only the private key, without the corresponding certificate |
-nodes | Store private key unencrypted |
Protect private key with a passphrase
openssl pkey -in private_key.pem -aes256 -out encrypted_key.pem
openssl rsa -in private_key.pem -des3 -out encrypted_key.pem
Parameter name | Meaning |
---|---|
-in | File with the private key |
-out | Output file in which the encrypted private key is stored |
-aes256 | encrypts the private key with AES-256 |
-des3 | encrypts the private key using the Triple DES (3DES) algorithm |
Remove passphrase from a private key
openssl pkey -in encrypted_key.pem -out unencrypted_key.pem
openssl rsa -in encrypted_key.pem -out unencrypted_key.pem
Parameter name | Meaning |
---|---|
-in | File with the private key to be removed |
-out | Output file in which the decrypted private key is stored |
Miscellaneous
Display certificate chain of a website
openssl s_client -connect it-tech.wiki:443 -showcerts
Parameter name | Meaning |
---|---|
openssl s_client | Establish SSL/TLS connection to a server |
-connect | Establishes a connection to the specified domain via port 443 (HTTPS). |
-showcerts | Displays all certificates in the certificate chain |
Appendix
Abbreviations
Abbreviation | Explanation |
---|---|
BSI | Federal Office for Information Security - German authority for IT security. |
CER | Certificate - Certificate format, often used as a file extension for certificates. |
CN | Common Name - The "general name" in the certificate, often the domain name or the name of the owner. |
CRT | Certificate - File extension for a certificate in PEM or DER format. |
CSR | Certificate Signing Request - Certificate request that is sent to a certification authority (CA). |
DES | Data Encryption Standard - An outdated symmetric encryption algorithm. |
DSA | Digital Signature Algorithm - An algorithm for generating digital signatures. |
DP | Domain Validation - Certificate type that validates the domain ownership. |
ECC | Elliptic Curve Cryptography - A cryptographic method based on elliptic curves. |
ECDSA | Elliptic Curve Digital Signature Algorithm - An algorithm for generating digital signatures based on elliptic curves. |
EV | Extended Validation - Certificate with extended validation, which requires particularly strict tests. |
HTTPS | Hypertext Transfer Protocol Secure - Secure HTTP protocol for encrypted data transfer. |
IV | Individual Validation - Certificate type in which the identity of an individual person is validated. |
MDC | Multi-Domain Certificate - Certificate that can secure multiple domains. |
OV | Organization Validation - Certificate that verifies the identity of an organization. |
PEM | Privacy Enhanced Mail - A file format for certificates and keys, typically encoded in Base64. |
PFX | Personal Information Exchange - Format for storing certificates and private keys, often password-protected. |
PKCS | Public Key Cryptography Standards - Standards for cryptographic techniques, e.g. PKCS#12 for PFX files. |
RSA | Rivest-Shamir-Adleman - An asymmetric encryption and signature algorithm. |
S/MIME | Secure/Multipurpose Internet Mail Extensions - A standard for encrypting and signing e-mails. |
SAN | Subject Alternative Name - A field in certificates that contains alternative names (e.g. additional domains). |
SSL | Secure Sockets Layer - An outdated protocol for secure data transmission on the Internet. Predecessor of TLS. |
TLD | Top-level domain - The highest level of a domain, e.g. ".com" or ".de". |
TLS | Transport Layer Security - A cryptographic protocol for secure data transmission on the Internet. Successor to SSL. |
UC | Unified Communications - Certificates for Unified Communications applications, often to secure multiple services/domains. |