comandos_openssl_utiles_para_certificados
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
comandos_openssl_utiles_para_certificados [2021/08/04 22:45] – busindre | comandos_openssl_utiles_para_certificados [2023/07/12 15:38] (current) – busindre | ||
---|---|---|---|
Line 53: | Line 53: | ||
Generar una solicitud de certificado csr (Certificate Signing Request) a partir de un certificado existente. | Generar una solicitud de certificado csr (Certificate Signing Request) a partir de un certificado existente. | ||
- | <code bash> | + | <code bash> |
Generar certificado autofirmado con SAN. (SHA-512 / RSA 4096 o EC). | Generar certificado autofirmado con SAN. (SHA-512 / RSA 4096 o EC). | ||
Line 86: | Line 86: | ||
# RSA | # RSA | ||
openssl req -x509 -nodes -sha512 -days 365 -newkey rsa:4096 -keyout privateKey.key -out certificate.crt -config req.cnf -extensions ' | openssl req -x509 -nodes -sha512 -days 365 -newkey rsa:4096 -keyout privateKey.key -out certificate.crt -config req.cnf -extensions ' | ||
- | # EC | + | # EC (Depende del cliente / navegador que conecte con el certificado, |
openssl req -x509 -nodes -sha512 -days 365 -newkey ec -pkeyopt ec_paramgen_curve: | openssl req -x509 -nodes -sha512 -days 365 -newkey ec -pkeyopt ec_paramgen_curve: | ||
+ | |||
+ | # Mensaje de Curl al acceder a un certificado https que usa EC. | ||
+ | # curl: (35) error: | ||
</ | </ | ||
Line 259: | Line 262: | ||
Convertir llaves DER (.crt .cer .der) al estandar PEM y viceversa. | Convertir llaves DER (.crt .cer .der) al estandar PEM y viceversa. | ||
- | <code bash> | + | <code bash># RSA |
- | openssl rsa -outform der -in certificate.pem -out certificate.der</ | + | openssl rsa -inform der -in certificate.cer -out certificate.pem |
+ | openssl rsa -outform der -in certificate.pem -out certificate.der | ||
+ | |||
+ | # EC PEM to DER | ||
+ | openssl ec -in certificate.der -inform DER -outform PEM -out certificate.pem | ||
+ | openssl ec -in certificate.pem -inform PEM -outform DER -out certificate.der | ||
+ | </ | ||
Convertir ficheros PKCS#12 (.pfx .p12) con llave privada y certificado a PEM. | Convertir ficheros PKCS#12 (.pfx .p12) con llave privada y certificado a PEM. | ||
Line 308: | Line 317: | ||
Obtener el "SPKI fingerprint" | Obtener el "SPKI fingerprint" | ||
- | < | + | < |
+ | openssl rsa -in file.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64 | ||
+ | # EC | ||
+ | openssl ec -in file.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64 | ||
+ | </ | ||
Obtener el "SPKI fingerprint" | Obtener el "SPKI fingerprint" | ||
Line 314: | Line 327: | ||
Obtener el "SPKI fingerprint" | Obtener el "SPKI fingerprint" | ||
- | < | + | < |
+ | openssl x509 -in file.crt -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 | ||
+ | # EC | ||
+ | openssl x509 -in file.crt -pubkey -noout | openssl ec -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 | ||
+ | </ | ||
Obtener el "SPKI fingerprint" | Obtener el "SPKI fingerprint" | ||
- | < | + | < |
+ | openssl s_client -servername www.busindre.com -connect www.busindre.com: | ||
+ | # EC | ||
+ | openssl s_client -servername www.busindre.com -connect www.busindre.com: | ||
+ | </ | ||
**Crear CSR / Firmar CSR multidominio** (SAN): [[crear_y_firmar_csrs_multidominio_san]] | **Crear CSR / Firmar CSR multidominio** (SAN): [[crear_y_firmar_csrs_multidominio_san]] |
comandos_openssl_utiles_para_certificados.1628109948.txt.gz · Last modified: 2021/08/04 22:45 by busindre