OpenSSL Cheat Sheet


General commands to analyze a certificate.

Test a TLS connection

openssl s_client -connect

Get the certificate from a web endpoint

openssl s_client -showcerts -connect </dev/null

Check whether the private key of a certificate, key and CSR match

openssl rsa -noout -modulus -in example.key | openssl sha256
openssl x509 -noout -modulus -in example.crt | openssl sha256
openssl req -noout -modulus -in example.csr | openssl sha256

Handling keys

Decrypt a RSA private key

openssl rsa -in <encrypted_private.key>  -out <decrypted_private.key>