
OpenSSL Command Reference

Common OpenSSL commands for certificates, keys, and encryption.

Generate RSA-2048 Private Key

Generate a 2048-bit RSA private key in PEM format.

openssl genrsa -out private.pem 2048

Generate RSA-4096 Private Key

Generate a 4096-bit RSA private key in PEM format.

openssl genrsa -out private.pem 4096

Generate EC Private Key (P-256)

Generate an Elliptic Curve private key using P-256 curve.

openssl ecparam -name prime256v1 -genkey -noout -out ec_private.pem

Extract Public Key from Private Key

Extract the public key from an existing RSA private key.

openssl rsa -in private.pem -pubout -out public.pem

Generate AES-256 Random Key

Generate a random 256-bit (32-byte) key in hex.

openssl rand -hex 32

Generate Random Base64 String

Generate a random 32-byte string encoded as Base64.

openssl rand -base64 32

Generate Self-Signed Certificate

Create a self-signed certificate valid for 365 days, together with a new RSA-2048 key that -nodes writes to disk unencrypted.

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes

Generate CSR (Certificate Signing Request)

Create a CSR for submission to a Certificate Authority.

openssl req -new -key private.pem -out request.csr

Generate CSR with Subject (one-liner)

Create a CSR with subject info in one command.

openssl req -new -key private.pem -out req.csr -subj "/C=US/ST=CA/L=San Francisco/O=My Org/CN=example.com"

View Certificate Details

Display detailed information about a PEM certificate.

openssl x509 -in cert.pem -text -noout

Check Certificate Expiry

Show only the validity dates of a certificate.

openssl x509 -in cert.pem -noout -dates
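
For scripted monitoring, the exit status of -checkend is easier to act on than the printed dates. The following is an added example, not part of the original page; the function names, the temporary files and the 10-day test certificate are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: decide from the exit status whether a certificate is
# still valid a given number of days from now.

# Prints "ok" if the certificate is still valid <days> days from now,
# "expiring" otherwise. A missing or unparsable file also lands in
# "expiring", which is the safe side for an alert.
cert_expiry_status() {
    cert=$1
    days=$2
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        echo ok
    else
        echo expiring
    fi
}

demo_expiry() {
    dir=$(mktemp -d) || return 2
    # Constructed input: a self-signed certificate valid for only 10 days.
    openssl req -x509 -newkey rsa:2048 -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -days 10 -nodes -subj "/CN=example.com" 2>/dev/null
    one_day=$(cert_expiry_status "$dir/cert.pem" 1)
    thirty_days=$(cert_expiry_status "$dir/cert.pem" 30)
    rm -rf "$dir"
    echo "1d=$one_day 30d=$thirty_days"
}

demo_expiry
```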

Verify Certificate Against CA

Verify that a certificate was signed by a given CA.

openssl verify -CAfile ca.pem cert.pem

Encrypt File with AES-256-CBC

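Encrypt a file using AES-256-CBC symmetric encryption, with the key derived from a password. The -k option puts the password on the command line, where it is visible in shell history and the process list.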

openssl enc -aes-256-cbc -salt -in plaintext.txt -out encrypted.enc -k mypassword

Decrypt File with AES-256-CBC

Decrypt a file encrypted with AES-256-CBC.

openssl enc -aes-256-cbc -d -in encrypted.enc -out decrypted.txt -k mypassword
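
A hardened variant of the encrypt/decrypt pair, as an added example that is not part of the original page: the passphrase is read from a file instead of the command line and the key is derived with PBKDF2. The file names, the function name and the iteration count are assumptions chosen for the demonstration. Note that openssl enc with CBC provides confidentiality only, not integrity.

```sh
#!/bin/sh
# Added example: AES-256-CBC round trip with PBKDF2 and a passphrase file.

encrypt_roundtrip() {
    dir=$(mktemp -d) || return 2
    printf 'constructed sample plaintext\n' > "$dir/plaintext.txt"

    # Random passphrase kept in a file readable only by the owner,
    # so it never appears in argv or shell history.
    ( umask 077; openssl rand -base64 32 > "$dir/pass.txt" )

    # -pbkdf2 replaces the legacy single-pass key derivation;
    # -iter is an example value and must be identical on decrypt.
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter 600000 \
        -in "$dir/plaintext.txt" -out "$dir/encrypted.enc" \
        -pass "file:$dir/pass.txt"

    openssl enc -aes-256-cbc -d -pbkdf2 -iter 600000 \
        -in "$dir/encrypted.enc" -out "$dir/decrypted.txt" \
        -pass "file:$dir/pass.txt"

    # The output starts with the ASCII marker "Salted__" followed by the
    # 8-byte salt; the iteration count is NOT stored in the file.
    header=$(head -c 8 "$dir/encrypted.enc")

    if cmp -s "$dir/plaintext.txt" "$dir/decrypted.txt"; then
        match=yes
    else
        match=no
    fi
    rm -rf "$dir"
    echo "header=$header match=$match"
}

encrypt_roundtrip
```

Because the iteration count is not recorded in the output file, it has to be documented alongside the ciphertext or decryption will fail later.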

Encrypt with RSA Public Key

Encrypt a small file (it must fit in a single RSA block) using an RSA public key. OpenSSL 3.0 deprecates rsautl in favor of pkeyutl.

openssl rsautl -encrypt -inkey public.pem -pubin -in plaintext.txt -out encrypted.bin

Decrypt with RSA Private Key

Decrypt a file encrypted with the corresponding public key.

openssl rsautl -decrypt -inkey private.pem -in encrypted.bin -out decrypted.txt

Sign a File with Private Key

Create a digital signature for a file.

openssl dgst -sha256 -sign private.pem -out signature.bin input.txt

Verify a Digital Signature

Verify a digital signature using the public key.

openssl dgst -sha256 -verify public.pem -signature signature.bin input.txt
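
The sign and verify commands above as one round trip, including what happens when the file changes after signing. This is an added example, not part of the original page; the function name, the temporary files and the sample file content are constructed. The point for automation is to branch on the exit status of the verify command rather than on its printed text.

```sh
#!/bin/sh
# Added example: sign a file, verify it, modify it, verify again.

verify_roundtrip() {
    dir=$(mktemp -d) || return 2
    printf 'constructed release notes v1.0\n' > "$dir/input.txt"

    # Key pair and signature, using the same commands as the reference.
    openssl genrsa -out "$dir/private.pem" 2048 2>/dev/null
    openssl rsa -in "$dir/private.pem" -pubout -out "$dir/public.pem" 2>/dev/null
    openssl dgst -sha256 -sign "$dir/private.pem" \
        -out "$dir/signature.bin" "$dir/input.txt"

    # Untouched file: verification exits with status 0.
    if openssl dgst -sha256 -verify "$dir/public.pem" \
        -signature "$dir/signature.bin" "$dir/input.txt" >/dev/null 2>&1; then
        original=ok
    else
        original=fail
    fi

    # A single appended byte changes the digest, so the same signature
    # no longer verifies and the command exits non-zero.
    printf 'x' >> "$dir/input.txt"
    if openssl dgst -sha256 -verify "$dir/public.pem" \
        -signature "$dir/signature.bin" "$dir/input.txt" >/dev/null 2>&1; then
        tampered=ok
    else
        tampered=fail
    fi

    rm -rf "$dir"
    echo "original=$original tampered=$tampered"
}

verify_roundtrip
```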

View Private Key Info

Display information about an RSA private key.

openssl rsa -in private.pem -text -noout

Check CSR Details

Display the details in a Certificate Signing Request.

openssl req -in request.csr -text -noout

Check Remote SSL Certificate

View the SSL certificate of a remote server.

openssl s_client -connect example.com:443 -showcerts

Get Remote Certificate Expiry

Check expiry date of a remote server's certificate.

echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -dates

Compute SHA-256 Hash of File

Calculate the SHA-256 hash of a file.

openssl dgst -sha256 file.txt

Compute MD5 Hash of File

Calculate the MD5 hash of a file. MD5 is not collision-resistant, so use it only for non-security checksums.

openssl dgst -md5 file.txt

Convert PEM to DER

Convert a PEM certificate to DER binary format.

openssl x509 -in cert.pem -outform DER -out cert.der

Convert DER to PEM

Convert a DER certificate to PEM text format.

openssl x509 -inform DER -in cert.der -outform PEM -out cert.pem

Convert PFX/P12 to PEM

Extract certificate and key from a PKCS#12 file. With -nodes the private key is written to the output unencrypted.

openssl pkcs12 -in archive.pfx -out certs.pem -nodes

Convert PEM to PFX/P12

Package certificate and key into a PKCS#12 file.

openssl pkcs12 -export -out archive.pfx -inkey private.pem -in cert.pem -certfile ca.pem

Convert PKCS8 to RSA Private Key

Convert a PKCS#8 private key to traditional RSA format. Current OpenSSL releases write PKCS#8 again unless -traditional is given.

openssl pkcs8 -in pkcs8.pem -traditional -out rsa.pem

About this tool

OpenSSL is the de facto standard toolkit for working with TLS/SSL and cryptography, but its command syntax is notoriously complicated and easy to forget between uses. This reference collects the OpenSSL commands most often used by developers and system administrators so that you can find the right one without digging through the manual pages.

Use it to look up how to create private keys and CSRs, inspect the details of an existing certificate, test a live TLS connection with s_client, or convert certificates between formats such as PEM, DER, and PKCS12. Each command is organized so that you can find the task you have in mind and pick up the right invocation.

Copy a command and adjust the file names and options to your configuration before running it. This page is a learning aid and reference, not an executor: you run the commands yourself in your own terminal, where your keys and certificates stay private.

Code Implementation

import subprocess

def run_openssl(args: list[str]) -> str:
    """Run an openssl command and return stdout."""
    result = subprocess.run(
        ["openssl"] + args,
        capture_output=True, text=True, check=True
    )
    return result.stdout

# Generate a self-signed certificate using subprocess
def generate_self_signed_cert(
    key_path: str = "key.pem",
    cert_path: str = "cert.pem",
    days: int = 365,
    cn: str = "localhost",
    bits: int = 4096,
) -> None:
    # Step 1: generate private key
    subprocess.run(
        ["openssl", "genrsa", "-out", key_path, str(bits)],
        check=True
    )
    # Step 2: generate self-signed cert
    subprocess.run(
        [
            "openssl", "req", "-x509",
            "-key", key_path,
            "-out", cert_path,
            "-days", str(days),
            "-subj", f"/CN={cn}",
        ],
        check=True
    )
    print(f"Certificate written to {cert_path}")

# Read certificate info using cryptography library (pip install cryptography)
from cryptography import x509
from datetime import datetime, timezone

def inspect_cert(pem_path: str) -> dict:
    with open(pem_path, "rb") as f:
        cert = x509.load_pem_x509_certificate(f.read())
    now = datetime.now(timezone.utc)
    # A certificate without a SAN extension (such as the CN-only one generated
    # above) raises ExtensionNotFound, so treat that case as an empty list.
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
        dns_names = san.value.get_values_for_type(x509.DNSName)
    except x509.ExtensionNotFound:
        dns_names = []
    return {
        "subject": cert.subject.rfc4514_string(),
        "issuer": cert.issuer.rfc4514_string(),
        "not_before": cert.not_valid_before_utc.isoformat(),
        "not_after": cert.not_valid_after_utc.isoformat(),
        "is_expired": cert.not_valid_after_utc < now,
        "serial": cert.serial_number,
        "san": dns_names,
    }
