Export certificate and private key from a pfx file

When moving certificates from Windows servers to Linux you may need to export the private key and certificate from a pfx file. This is how it’s done:

1. Export the private key

openssl pkcs12 -in cert.pfx -nocerts -out cert.key.wpass

Replace cert.pfx with the certificate exported from Windows. The private key will be exported to cert.key.wpass including a password that you need to selecting in this step Continue reading →

How to create pfx (PKCS12) file using openssl

If you have a certificate file and private key and need to move that to a Windows server you can easily create a pfx file that can be imported on the Windows server.

Here’s how:

openssl pkcs12 -export -in {cer_filename}.cer -inkey {key_filename}.key -out {pfx_filename}.pfx

You will be asked to provide a password. You’ll need to use this password when you import the certificate on the Windows server.

How to check if SSL v2 is enabled using openssl

SSL v2 is weak and outdated protocol. All modern browsers and applications support SSL v3 and that’s why you should disable SSL v2 where possible.

Using this command you can check if SSL v2 is enabled:

openssl s_client -connect www.example.org:443 -ssl2

Continue reading →

Generating 2048 bit CSR with OpenSSL

Today, all certificate authorities require 2048 bit private key when requesting SSL certificates. This is how it’s done:

openssl req -nodes -newkey rsa:2048 -keyout cert.key -out cert.csr