OpenSSL tricks: x509, pkcs12, verify output
The OpenSSL commands may seem daunting at first, but there are a lot of useful commands in the OpenSSL toolbox for viewing and managing X.509 certificates and private keys. This recipe will show how to use a few of those commands.
Getting ready
Set up the
easy-rsa certificate environment using the first recipe from Chapter 2 by sourcing the vars file. This recipe was performed on a computer running Fedora 12 Linux but it can easily be run on Windows or MacOS.
How to do it...
To view the subject and expiry date of a given certificate, type:
$ cd /etc/openvpn/cookbook/keys $ openssl x509 -subject -enddate -noout -in openvpnclient1.crt subject= /C=NL/O=Cookbook/CN=openvpnclient1/emailAddress=[…] notAfter=Jan 30 12:00:09 2013 GMT
To export a certificate and private key in PKCS12 format:
$ openssl pkcs12 -export -in openvpnclient1.crt \ -inkey openvpnclient1.key -out openvpnclient1.p12 Enter Export Password:[Choose a strong password] Verifying...
