Tips for SSL certificates

Display CSR information:

openssl req -text -noout -in foo.csr

Display signed cert information:

openssl x509 -in foo.crt.pem -noout -text

To remove a password from a key:

openssl rsa -in foo.key.pem -out foo-unlocked.key.pem

To decode a CRL:

openssl crl -text -in ca.crl.pem

To check a certificate against a CRL:

cat ca/ca.crl.pem ca/ca.crt.pem > crl-check.pem
openssl verify -CAfile crl-check.pem -crl_check foo.crt.pem

Leave a comment