fachinformatiker-wiki

it's easy when it's here

linux:verschluesselung:openssl

Differences

This shows you the differences between two versions of the page.

linux:verschluesselung:openssl [2025/01/10 16:56] – [Nützliche Befehle] gsys
linux:verschluesselung:openssl [2025/05/06 11:48] (current) gsys
Line 1: Line 1:
 ====== OpenSSL ====== ====== OpenSSL ======
 +
 ===== Nützliche Befehle ===== ===== Nützliche Befehle =====
 <code> <code>
Line 71: Line 72:
  
 ===== Zertifikate konvertieren ===== ===== Zertifikate konvertieren =====
 +
 +==== Reihenfolge einer Chain ====
 +Optimal:
 +<code>
 +-----BEGIN CERTIFICATE-----
 +[Server Certificate]
 +-----END CERTIFICATE-----
 +-----BEGIN CERTIFICATE-----
 +[Intermediate certificate L1]
 +-----END CERTIFICATE-----
 +-----BEGIN CERTIFICATE-----
 +[Intermediate certificate L2]
 +-----END CERTIFICATE-----
 +</code>
 +Unnötig da Root in Browser/OS Cert store bereits enthalten:
 +<code>
 +-----BEGIN CERTIFICATE-----
 +[Server Certificate]
 +-----END CERTIFICATE-----
 +-----BEGIN CERTIFICATE-----
 +[Intermediate certificate L1]
 +-----END CERTIFICATE-----
 +-----BEGIN CERTIFICATE-----
 +[Intermediate certificate L2]
 +-----END CERTIFICATE-----
 +-----BEGIN CERTIFICATE-----
 +[Root Certificate]
 +-----END CERTIFICATE-----
 +</code>
 +https://success.qualys.com/support/s/article/000005824 \\
 +https://success.qualys.com/support/s/article/000003197
 +
 +==== Befehle ====
 +
 +''P12 == PFX'' \\
 +
 FIXME PEM vs CRT FIXME PEM vs CRT
 <code> <code>
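Review bot: The "Optimal" block under "Reihenfolge einer Chain" labels the intermediates only as L1 and L2, which leaves open which of them issued the server certificate. State the rule explicitly: each certificate is followed directly by the certificate of its issuer, so the order can be applied to a chain of any length. The "Unnötig" heading would also be clearer if it said that only the trailing [Root Certificate] block is the unnecessary part. The FIXME PEM vs CRT marker below the new "P12 == PFX" line is still unresolved.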
Line 76: Line 113:
 cat cert.pem intermediate.pem > chain.pem                                          #cert+intermediate als bundle cat cert.pem intermediate.pem > chain.pem                                          #cert+intermediate als bundle
 cat root.pem intermediate.pem > ocsp-chain.pem                                     #ocsp chain (cert+intermediate) als bundle cat root.pem intermediate.pem > ocsp-chain.pem                                     #ocsp chain (cert+intermediate) als bundle
-openssl pkcs12 -in cert_bundle.p12 -nokeys -out cert_bundle.pem                    #p12 in pem with ca certs+openssl pkcs12 -in cert_bundle.p12 -chain -nokeys -out cert_bundle.pem             #p12 in pem with complete chain 
 +openssl pkcs12 -in cert_bundle.p12 -cacerts -nokeys -out cert_cacerts.pem          #p12 in pem only ca certs
 openssl pkcs12 -in cert_bundle.p12 -clcerts -nokeys -out cert.pem                  #p12 in pem without ca certs openssl pkcs12 -in cert_bundle.p12 -clcerts -nokeys -out cert.pem                  #p12 in pem without ca certs
 openssl pkcs12 -in cert_bundle.p12 -nocerts -out privkey_encr.key                  #private key extrahieren  openssl pkcs12 -in cert_bundle.p12 -nocerts -out privkey_encr.key                  #private key extrahieren 
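Review bot: In the changed line "openssl pkcs12 -in cert_bundle.p12 -chain -nokeys -out cert_bundle.pem", -chain is documented by OpenSSL as an option for building a PKCS#12 file together with -export, so when reading a .p12 it adds nothing: the output holds whatever certificates the file already contains, the same as the old line without -chain. Suggest dropping -chain here and wording the comment as "all certificates contained in the p12", since the chain is only complete if the p12 was exported with it. Separately, the unchanged line above writes root.pem and intermediate.pem to ocsp-chain.pem while its comment says cert+intermediate; one of the two should be corrected.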
Line 82: Line 120:
 openssl x509 -inform der -in certificate.cer -out certificate.pem                  #der in pem openssl x509 -inform der -in certificate.cer -out certificate.pem                  #der in pem
 openssl pkcs7 -inform der -in cacert.p7b -out cacert.pem                           #p7p in pem openssl pkcs7 -inform der -in cacert.p7b -out cacert.pem                           #p7p in pem
 +</code>
 +
 +Permissions
 +<code>
 +chmod 700 private                                                                  #private key folder
 +chmod 600 private.key                                                              #private key
 +chmod 755 certs                                                                    #public certs folder
 +chmod 644 cert.pem                                                                 #public key file
 </code> </code>
  
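Review bot: The added Permissions block sets modes only, and "chmod 600 private.key" protects the key only if the file and the "private" folder belong to the account that is supposed to read them. Add the matching chown line, or name the expected owner, next to the chmod lines. The comment on "chmod 644 cert.pem" says "public key file", but cert.pem is a certificate, so "#certificate" would be accurate. In the unchanged context, "#p7p in pem" should read p7b.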
linux/verschluesselung/openssl.1736524561.txt.gz · Last modified: 2025/01/10 16:56 by gsys