The Linux openssl Command #
The Linux openssl command is a versatile utility for managing certificates, encrypting data, and implementing secure communication protocols. It provides an extensive suite of cryptographic functions, making it a cornerstone of security in Linux environments.
OpenSSL is widely used for creating, signing, and verifying SSL/TLS certificates, managing private keys, and performing encryption/decryption tasks.
Key Usage and Syntax of the openssl Command #
The basic syntax of the openssl command is:
openssl [OPTIONS]- SUBCOMMAND: Specifies the cryptographic operation, such as
req(certificate request),genrsa(generate RSA key), orenc(encryption). - OPTIONS: Additional flags and parameters to customize the behavior of the subcommand.
openssl Command Cheatsheet Table #
| Command | Description |
openssl genrsa -out private.key 2048 |
Generate a 2048-bit RSA private key |
openssl req -new -key private.key -out request.csr |
Create a certificate signing request (CSR) |
openssl x509 -req -in request.csr -signkey private.key -out certificate.crt |
Generate a self-signed certificate |
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc |
Encrypt a file with AES-256 |
openssl enc -aes-256-cbc -d -in file.enc -out file.txt |
Decrypt an AES-256 encrypted file |
openssl s_client -connect example.com:443 |
Test an SSL/TLS connection |
openssl dgst -sha256 -sign private.key -out signature file.txt |
Sign a file with SHA-256 |
openssl dgst -sha256 -verify public.pem -signature signature file.txt |
Verify a file signature |
The openssl req Subcommand #
Create a Certificate Signing Request (CSR) #
openssl req -new -key private.key -out request.csrThis command generates a CSR based on a private key. During execution, you will be prompted to input details such as country, organization, and common name.
Example Output #
Generating a 2048 bit RSA private key ...... Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:California ...
The openssl x509 Subcommand #
Generate a Self-Signed Certificate #
openssl x509 -req -in request.csr -signkey private.key -out certificate.crtThis command creates a self-signed certificate for testing purposes. Use a CA-signed certificate for production environments.
Example Output #
Signature ok subject=/C=US/ST=California/O=MyOrg/CN=example.com ...
The openssl enc Subcommand #
Encrypt a File #
openssl enc -aes-256-cbc -salt -in file.txt -out file.encThis command encrypts file.txt using AES-256 encryption, producing file.enc.
Decrypt a File #
openssl enc -aes-256-cbc -d -in file.enc -out file.txtDecrypts file.enc back to its original form, provided the correct password is entered.
Examples of Using the openssl Command #
Generate a Private Key and CSR #
openssl genrsa -out private.key 2048
openssl req -new -key private.key -out request.csrUse these commands to create a private key and CSR. Submit the CSR to a certificate authority (CA) to obtain an SSL certificate.
Test an SSL/TLS Connection #
openssl s_client -connect example.com:443This command connects to example.com on port 443 to test its SSL/TLS configuration.
Summary #
The openssl command is an indispensable tool for security tasks in Linux. From managing certificates to encrypting data, it provides robust functionality for maintaining secure systems. Mastering openssl is essential for Linux administrators and anyone managing secure communications.
