OpenSSL tricks - x509, pkcs12, verify output
The OpenSSL commands may seem daunting at first, but there are a lot of useful commands in the OpenSSL toolbox for viewing and managing X.509 certificates and private keys. This recipe will show how to use a few of those commands.
Getting ready
Set up the easy-rsa
certificate environment using the first recipe from Chapter 2, Client-server IP-only Networks, by sourcing the vars
file. This recipe was performed on a computer running Fedora 22 Linux but it can easily be run on Windows or MacOS.
How to do it...
For this recipe, we need to perform the following steps:
To view the subject and expiry date of a given certificate, type:
$ cd /etc/openvpn/cookbook/keys $ openssl x509 -subject -enddate -noout -in client1.crt subject= /C=US/O=Cookbook 2.4/CN=client1 notAfter=Oct 13 17:54:30 2018 GMT
To export a certificate and private key in
PKCS12
format:$ openssl pkcs12 -export -in client1.crt \ -inkey client1.key -out client1.p12 Enter Export Password...