Thursday, April 22, 2010

OpenSSL commands

Convert .p12 to .pem using OpenSSL
openssl pkcs12 -in filename.p12 -out filename.pem

Convert .key to .pem
openssl rsa -in server.key -text > my-key.pem

Convert .crt to .pem
openssl x509 -inform PEM -in server.crt > my-cert.pem

Create .p12 from .crt and .key
1) openssl rsa -in server.key -text > my-key.pem
2) openssl x509 -inform PEM -in server.crt > my-cert.pem
3) openssl pkcs12 -inkey my-key.pem -in my-cert.pem -export -name mycertname -out myp12file.p12
Enter Export Password:
Verifying - Enter Export Password:


Export private key from password protected .p12 file 
openssl pkcs12 -in filename.p12 -password stdin -out key.pem -nocerts

Export cert from password protected .p12 file
openssl pkcs12 -in filename.p12 -password stdin -out cert.pem -nokeys -clcerts

The -clcerts option extracts only the client certificate, without the CA certs

Create request (CSR) for submission to Certificate Authority
Note: -nodes writes the new private key to disk unencrypted.

openssl req -out /opt/apacheconf/ssl/mywebsite.csr -new -newkey rsa:2048 -nodes -keyout /opt/apacheconf/ssl/mywebsite-privkey.key

View CSR file content
openssl req -in myfile.csr -noout -text

Error

C:\OpenSSL-Win64\bin>openssl
WARNING: can't open config file: /usr/local/ssl/openssl.cnf

Solution
set OPENSSL_CONF=C:\OpenSSL-Win64\bin\openssl.cfg
Set the OpenSSL config path on the command line as shown, then rerun openssl


Thursday, April 1, 2010

SSH authorization between hosts with no password

This script allows logging in to remote servers with no password after it has been executed once.

ssh_script.sh
----------------------------------------------------------
#!/bin/bash
source ~/.bash_profile

# Uncomment and execute this line only once to generate the keys on the local server running the script
#ssh-keygen -t rsa

user=myuser
servers="server1-ip server2-ip"

for server in $servers
do
  # Make sure the .ssh directory has permissions 700 (looser permissions cause authorization issues)
  ssh "$user@$server" 'mkdir -p ~/.ssh; chmod -R 700 ~/.ssh'
  echo "Copying to server $server"

  # This line would overwrite the remote authorized_keys file with the local public key
  #scp ~/.ssh/id_rsa.pub $user@$server:~/.ssh/authorized_keys

  #-------- Append local server id_rsa.pub content into remote server authorized_keys file
  cat ~/.ssh/id_rsa.pub | ssh $user@$server "cat >> ~/.ssh/authorized_keys"
done
exit 0
----------------------------------------------------------
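
The append in the script above adds a duplicate line on every run and leaves the mode of authorized_keys to the remote umask. The following is an added example, not part of the original post: a shell function (the name install_pubkey and its return codes are assumptions for illustration) that does the same append idempotently with the permissions sshd's StrictModes check expects, shown against a scratch directory with a constructed key.

```shell
#!/bin/sh
# install_pubkey KEYFILE SSH_DIR  (hypothetical helper, not from the post)
# Returns 0 if the key was added, 1 if already present, 2 on bad input.
install_pubkey() {
  keyfile=$1
  sshdir=$2
  auth="$sshdir/authorized_keys"

  # Accept exactly one non-empty line that looks like "type base64 [comment]".
  [ -r "$keyfile" ] || return 2
  [ "$(grep -c . "$keyfile")" -eq 1 ] || return 2
  key=$(grep . "$keyfile")
  case $key in
    ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
    *) return 2 ;;
  esac

  # With StrictModes, sshd ignores keys if these are group/world writable.
  mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 2
  [ -e "$auth" ] || : > "$auth"
  chmod 600 "$auth"

  # Exact whole-line match: re-running must not add duplicates.
  if grep -qxF -- "$key" "$auth"; then
    return 1
  fi

  # If the file lacks a trailing newline, add one so two keys never
  # end up joined on a single line.
  if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
    printf '\n' >> "$auth"
  fi
  printf '%s\n' "$key" >> "$auth"
  return 0
}

# Demo on a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKey demo@local' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/.ssh" && echo "first run: key added"
install_pubkey "$demo/id.pub" "$demo/.ssh" || echo "second run: already present (rc=$?)"
rm -rf "$demo"
```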
