Skip to Content
Navigation:

A stick figure smiling

Here's a preview from my zine, Bite Size Networking!! If you want to see more comics like this, sign up for my saturday comics newsletter or browse more comics!

Image of a comic. To read the full HTML alt text, click "read the transcript". get the zine!
read the transcript!

openssl is a tool for doing SSL things

(aka TLS)

  • inspect certificates
  • create CSRs
  • sign certificates

It uses the OpenSSL library (or LibreSSL)

inspect a certificate

$ openssl x509 -in
   FILE.crt -noout -text

This works for files ending in .crt or .pem! Try it out:

you probably have certs in usr/share/ca-certificates

look at a website’s certificate

$openssl s_client
 -showcerts -connect
 google.com:443

happy little stick figure with curly hair: pipe this to openssl x509 to parse!

panel 4

certificate authority, represented by a box with a neutral expression: please upload a CSR

person: a WHAT?!

to get a SSL cert for your website, you need to make a file called a “certificate signing request.”

make a CSR

$ openssl req -new
 -sha256 -key FILE.key
 -out FILE.csr

make a FILE.key with $ openssl genrsa

md5/sha1/sha25b/sha512

Not quite SSL but useful: $openSSL md5 FILE

computes the md5sum of FILE. Same for other digests

$ openssl LIST -digestcommands shows all supported digests.