SSL / OpenSSL / Certificates Cheat Sheet
OpenSSL Commands
http://wiki.samat.org/CheatSheet/OpenSSL
Display certificate information
# For a certificate signing request
openssl req -text -noout -in $DOMAIN.csr.pem
# For a generated certificate
openssl x509 -in $DOMAIN.crt.pem -noout -text
Standards and Formats
X.509 certificates are used http://en.wikipedia.org/wiki/X.509
Certificate filename extensions
Common filename extensions for X.509 certificates are:
- .pem – (Privacy Enhanced Mail) Base64 encoded DER certificate,
enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" - .cer, .crt, .der – usually in binary DER form, but Base64-encoded certificates are common too (see .pem above)
CACert
Self-signed certificates
PKI root certificate URL: http://www.cacert.org/certs/root.crt
PKI class 3 certificate URL: http://www.cacert.org/certs/class3.crt