Diese Community richtet sich an Fachleute und Enthusiasten unserer Produkte und Dienstleistungen.
Teilen und diskutieren Sie die besten Inhalte und neuen Marketingideen, bauen Sie Ihr professionelles Profil auf und werden Sie gemeinsam ein besserer Vermarkter.
When installed SSL in web hosting server (Baota planel), occurred below error:
Certificate ERROR:
nginx: [emerg] SSL_CTX_use_PrivateKey("/www/server/panel/vhost/cert/mydomain/privkey.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /www/server/nginx/conf/nginx.conf test failed
Check an MD5 hash of the public key to ensure that it matches with what is in a private key
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
check stdinwhether it's same.
Other openssl_commands.md you may use as below:
Install
Install the OpenSSL on Debian based systems
sudo apt-get install openssl
Commands
Creation
Create a private key
openssl genrsa -out server.key 4096
Generate a new private key and certificate signing request
openssl req -out server.csr -new -newkey rsa:4096 -nodes -keyout server.key
Generate a self-signed certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt
Generate a certificate signing request (CSR) for an existing private key
openssl req -out server.csr -key server.key -new
Generate a certificate signing request based on an existing certificate
openssl x509 -x509toreq -in server.crt -out server.csr -signkey server.key
Generate a Diffie Hellman key
openssl dhparam -out dhparam.pem 2048
Generate a v3 certificate by signing CSR
openssl x509 -days 365 -in myCSR.csr -extfile v3.ext -CA myCA.crt -CAkey myCA.key -CAcreateserial -out userCertificate.crt
See below for an example v3.ext file
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
Checking
Check a certificate signing request (CSR)
openssl req -text -noout -verify -in server.csr
Check a private key
openssl rsa -in server.key -check
Check a public key
openssl rsa -inform PEM -pubin -in pub.key -text -noout
openssl pkey -inform PEM -pubin -in pub.key -text -noout
Check a certificate
openssl x509 -in server.crt -text -noout
openssl x509 -in server.cer -text -noout
Check a PKCS#12 file (.pfx or .p12)
openssl pkcs12 -info -in server.p12
Verify a private key matches an certificate
openssl x509 -noout -modulus -in server.crt | openssl md5
openssl rsa -noout -modulus -in server.key | openssl md5
openssl req -noout -modulus -in server.csr | openssl md5
Display all certificates including intermediates
openssl s_client -connect www.adneti.com:443
Converting
Convert a DER file (.crt .cer .der) to PEM
openssl x509 -inform der -in server.cer -out server.pem
Convert a PEM file to DER
openssl x509 -outform der -in server.pem -out server.der
Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
openssl pkcs12 -in server.pfx -out server.pem -nodes
Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile CACert.crt
Other commands
Remove a passphrase from a private key
openssl rsa -in server.pem -out newserver.pem
Parse a list of revoked serial numbers
openssl crl -inform DER -text -noout -in list.crl
Encrypt files with rsautl
openssl rsautl -encrypt -in plaintext.txt -out encrypted.txt -pubin -inkey pubkey.pem
Decrypt files with rsautl
openssl rsautl -decrypt -in encrypted.txt -out plaintext.txt -inkey privkey.pem
Exporting
Extracting Public Key from Private Key
openssl rsa -in privkey.pem -pubout > key.pub
Extracting Public Key from Certificate
openssl x509 -pubkey -noout -in cert.pem > pubkey.pem
