How to manage Certificates

2015/02/23 Bruno Santeramo Leave a comment

How to manage certificates

Certificate info

check certificate validity

openssl x509 -noout -subject -enddate -in /etc/grid-security/hostcert.pem

1	openssl x509 -noout -subject -enddate -in /etc/grid-security/hostcert.pem

check whether certificate and private key match

diff -qs <(openssl rsa -in hostkey.pem -pubout) <(openssl x509 -in hostcert.pem -pubkey -noout)

1	diff -qs <(openssl rsa -in hostkey.pem -pubout) <(openssl x509 -in hostcert.pem -pubkey -noout)

extracting information from certificate

openssl x509 -in hostcert.pem -noout -subject

1	openssl x509 -in hostcert.pem -noout -subject

Conversions

from PKCS12 to PEM

To get the private key in the file ~user/.globus/userkey.pem:

openssl pkcs12  -nocerts -in cert.p12 -out ~user/.globus/userkey.pem

1	openssl pkcs12 -nocerts -in cert.p12 -out ~user/.globus/userkey.pem

To get the certificate in the file ~user/.globus/usercert.pem:

openssl pkcs12 -clcerts  -nokeys -in cert.p12 -out ~user/.globus/usercert.pem

1	openssl pkcs12 -clcerts -nokeys -in cert.p12 -out ~user/.globus/usercert.pem

from PEM to PKCS12

If the certificate can be found in usercert.pem and if the private key can be found in userkey.pem, it is possible to generate a PKCS12 file named certif.p12 from these two files using the following command:

openssl pkcs12 -export -out certif.p12 -name "My certificate" -inkey userkey.pem -in usercert.pem

1	openssl pkcs12 -export -out certif.p12 -name "My certificate" -inkey userkey.pem -in usercert.pem

Certificate permissions

chmod 0600 ~/.globus/userkey.pem
chmod 0644 ~/.globus/usercert.pem

1 2	chmod 0600 ~/.globus/userkey.pem chmod 0644 ~/.globus/usercert.pem

Reference

Leave a Reply Cancel reply

Just another WordPress site