Technical Guide


This post is a technical guide

Published on May 04, 2024 by Robert McCue

Overview


SSL/TLS/Certificates

  • Common SSL Commands

    • Generate a new private key and Certificate Signing Request
      openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
      
    • Generate a certificate signing request (CSR) for an existing private key
      openssl req -out CSR.csr -key privateKey.key -new
      
    • Generate a certificate signing request based on an existing certificate
      openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
      
    • Check a certificate
      openssl x509 -in certificate.crt -text -noout
      
    • Check an SSL/TLS connection. All the certificates in the chain (including intermediates) should be displayed
      openssl s_client -connect www.example.com:443
      
  • Common Java Keystore Commands

    • Import a root or intermediate CA certificate to an existing Java keystore
      keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
      
    • Generate a keystore and self-signed certificate
      keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
      
    • Check which certificates are in a Java keystore
      keytool -list -v -keystore keystore.jks
      
    • Export a certificate from a keystore
      keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
      
  • Check that a certificate and private key match by comparing hashes of their moduli (RSA keys only; the two outputs should be identical)
    openssl rsa -noout -modulus -in server.key | openssl md5
    openssl x509 -noout -modulus -in server.crt | openssl md5
    
  • Mutual TLS Intro
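
The modulus comparison above only applies to RSA keys. The script below is an added example, not part of the original post: it generalizes the same check to any key type by hashing the whole public key (SubjectPublicKeyInfo) with SHA-256. The function names and the throwaway sample keys and certificates are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Compares the SHA-256 of the
# SubjectPublicKeyInfo, so it works for RSA and EC keys alike.

pubkey_fp_key() {    # fingerprint of the public half of private key $1
    pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

pubkey_fp_cert() {   # fingerprint of the public key inside certificate $1
    pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit status: 0 = match, 1 = mismatch, 2 = a file could not be parsed.
cert_key_match() {
    cert_fp=$(pubkey_fp_cert "$1") || { echo "cannot parse certificate: $1" >&2; return 2; }
    key_fp=$(pubkey_fp_key "$2") || { echo "cannot parse private key: $2" >&2; return 2; }
    [ "$cert_fp" = "$key_fp" ]
}

# Constructed sample material: throwaway keys and 1-day self-signed certs in dir $1.
make_samples() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/rsa.key" 2>/dev/null &&
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out "$1/ec.key" 2>/dev/null &&
    openssl req -x509 -new -key "$1/rsa.key" -subj "/CN=rsa.example.test" -days 1 -out "$1/rsa.crt" 2>/dev/null &&
    openssl req -x509 -new -key "$1/ec.key" -subj "/CN=ec.example.test" -days 1 -out "$1/ec.crt" 2>/dev/null
}

tmp=$(mktemp -d) && make_samples "$tmp" && {
    cert_key_match "$tmp/rsa.crt" "$tmp/rsa.key" && echo "rsa.crt + rsa.key: match"
    cert_key_match "$tmp/ec.crt" "$tmp/ec.key" && echo "ec.crt + ec.key: match"
    cert_key_match "$tmp/rsa.crt" "$tmp/ec.key" || echo "rsa.crt + ec.key: MISMATCH"
}
rm -rf "$tmp"
```

Treating an unparsable file as its own exit status (2) matters: without it, two failed reads would both hash empty input and report a false match.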

Kubernetes

Certified Ethical Hacker (CEH)