• Edit
  • Delete

SSL / OpenSSL / Certificates Cheat Sheet

OpenSSL Commands


Display certificate information


# For a certificate signing request
openssl req -text -noout -in $DOMAIN.csr.pem
# For a generated certificate
openssl x509 -in $DOMAIN.crt.pem -noout -text

Standards and Formats

X.509 certificates are used http://en.wikipedia.org/wiki/X.509

Certificate filename extensions

Common filename extensions for X.509 certificates are:

  • .pem – (Privacy Enhanced Mail) Base64 encoded DER certificate,
    enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
  • .cer, .crt, .der – usually in binary DER form, but Base64-encoded certificates are common too (see .pem above)


Self-signed certificates


PKI root certificate URL: http://www.cacert.org/certs/root.crt

PKI class 3 certificate URL: http://www.cacert.org/certs/class3.crt