OpenSSL is cool

February 28, 2007

No news there, but some neat tricks: To test a certificate:

> cat mycert.crt mycert.key > mycert.pem

> openssl s_server -cert mycert.pem -www

and then check https://localhost:4433

To strip a passphrase from an RSA keyfile:

> openssl rsa -in mykey.key -out newkey.pem

Whenever someone says you should “use make to create hash links” what they really mean is you should use Makefile.crt that comes with mod_ssl to create hash symlinks for Apache. This file doesn’t come with OS X Server however, so either grab one from the mod_ssl source distribution (from the pkg.sslcfg directory) or use the script described here.

All taken from this brilliant Q&A.