This community is for professionals and enthusiasts of our products and services.
Share and discuss the best content and new marketing ideas, build your professional profile and become a better marketer together.
When installed SSL in web hosting server (Baota planel), occurred below error:
Certificate ERROR:
nginx: [emerg] SSL_CTX_use_PrivateKey("/www/server/panel/vhost/cert/mydomain/privkey.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /www/server/nginx/conf/nginx.conf test failed
Check an MD5 hash of the public key to ensure that it matches with what is in a private key
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
check stdinwhether it's same.
Other openssl_commands.md you may use as below:
Install
Install the OpenSSL on Debian based systems
sudo apt-get install openssl
Commands
Creation
Create a private key
openssl genrsa -out server.key 4096
Generate a new private key and certificate signing request
openssl req -out server.csr -new -newkey rsa:4096 -nodes -keyout server.key
Generate a self-signed certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt
Generate a certificate signing request (CSR) for an existing private key
openssl req -out server.csr -key server.key -new
Generate a certificate signing request based on an existing certificate
openssl x509 -x509toreq -in server.crt -out server.csr -signkey server.key
Generate a Diffie Hellman key
openssl dhparam -out dhparam.pem 2048
Generate a v3 certificate by signing CSR
openssl x509 -days 365 -in myCSR.csr -extfile v3.ext -CA myCA.crt -CAkey myCA.key -CAcreateserial -out userCertificate.crt
See below for an example v3.ext file
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
Checking
Check a certificate signing request (CSR)
openssl req -text -noout -verify -in server.csr
Check a private key
openssl rsa -in server.key -check
Check a public key
openssl rsa -inform PEM -pubin -in pub.key -text -noout
openssl pkey -inform PEM -pubin -in pub.key -text -noout
Check a certificate
openssl x509 -in server.crt -text -noout
openssl x509 -in server.cer -text -noout
Check a PKCS#12 file (.pfx or .p12)
openssl pkcs12 -info -in server.p12
Verify a private key matches an certificate
openssl x509 -noout -modulus -in server.crt | openssl md5
openssl rsa -noout -modulus -in server.key | openssl md5
openssl req -noout -modulus -in server.csr | openssl md5
Display all certificates including intermediates
openssl s_client -connect www.adneti.com:443
Converting
Convert a DER file (.crt .cer .der) to PEM
openssl x509 -inform der -in server.cer -out server.pem
Convert a PEM file to DER
openssl x509 -outform der -in server.pem -out server.der
Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
openssl pkcs12 -in server.pfx -out server.pem -nodes
Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile CACert.crt
Other commands
Remove a passphrase from a private key
openssl rsa -in server.pem -out newserver.pem
Parse a list of revoked serial numbers
openssl crl -inform DER -text -noout -in list.crl
Encrypt files with rsautl
openssl rsautl -encrypt -in plaintext.txt -out encrypted.txt -pubin -inkey pubkey.pem
Decrypt files with rsautl
openssl rsautl -decrypt -in encrypted.txt -out plaintext.txt -inkey privkey.pem
Exporting
Extracting Public Key from Private Key
openssl rsa -in privkey.pem -pubout > key.pub
Extracting Public Key from Certificate
openssl x509 -pubkey -noout -in cert.pem > pubkey.pem
