TLS Cheatsheet

Converting Between Formats¶

Convert a DER file (.crt .cer .der) to PEM¶

openssl x509 -inform der -in certificate.cer -out certificate.pem
Convert a PEM file to DER¶

openssl x509 -outform der -in certificate.pem -out certificate.der

Generating Certificates¶

Generating a Root Cert¶

openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

Generating a Verification Cert¶

openssl genrsa -out verificationCert.key 2048 
openssl req -new -key verificationCert.key -out verificationCert.csr 
openssl x509 -req -in verificationCert.csr -CA ../ca/rootCA.pem -CAkey ../ca/rootCA.key -CAcreateserial -out verificationCert.pem -days 500 -sha256

Generating device cert¶

openssl genrsa -out $DEVICE_NAME.key 2048 
openssl req -new -key $DEVICE_NAME.key -out $DEVICE_NAME.csr 
openssl x509 -req -in $DEVICE_NAME.csr -CA ../../ca/rootCA.pem -CAkey ../../ca/rootCA.key -CAcreateserial -out $DEVICE_NAME.pem -days 500 -sha256

Checking Certificates¶

Check a Certificate Signing Request (CSR)¶

openssl req -text -noout -verify -in CSR.csr
Check a private key¶

openssl rsa -in privateKey.key -check
Check a certificate¶

openssl x509 -in certificate.crt -text -noout

Last update: 2023-03-28

TLS Cheatsheet

Converting Between Formats¶

Convert a DER file (.crt .cer .der) to PEM¶

Convert a PEM file to DER¶

Generating Certificates¶

Generating a Root Cert¶

Generating a Verification Cert¶

Generating device cert¶

Checking Certificates¶

Check a Certificate Signing Request (CSR)¶

Check a private key¶

Check a certificate¶