Here is a short manual for OpenSSL.
openssl req -out newkey.csr -new -newkey rsa:[bits] -nodes -keyout priv.key
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:[bits] -keyout priv.key -out cert.crt
openssl x509 -x509toreq -in cert.crt -out newreq.csr -signkey priv.key
openssl req -out oldkey.csr -key priv.key -new
openssl req -new -x509 -extensions v3_ca -keyout ca.key -out ca.crt -days [days valid]
openssl dhparam -out dhparam.pem [bits]
openssl req -text -noout -verify -in oldreq.csr
openssl rsa -in priv.key -check
openssl x509 -in cert.crt -text -noout
openssl pkcs12 -info -in key.pfx
openssl x509 -outform der -in cert.pem -out cert.der
openssl x509 -inform der -in cert.cer -out cert.pem
openssl pkcs12 -in key.pfx -out key.pem -nodes
openssl pkcs12 -export -out cert.pfx -inkey priv.key -in cert.crt -certfile ca.crt
openssl enc -h
openssl aes-256-cbc -salt -in priv.txt -out priv.txt.enc
openssl aes-256-cbc -d -in priv.txt.enc -out priv.txt.new
openssl aes-256-cbc -a -salt -in priv.txt -out priv.txt.enc
openssl aes-256-cbc -a -d -in priv.txt.enc -out priv.txt.new
openssl s_client -showcerts -connect www.example.com:443
openssl s_client -showcerts -starttls imap -connect mail.eample.com:139
openssl s_client -showcerts -starttls xmpp -connect chat.example.com:5222
openssl s_client -showcerts -cert cert.crt -key cert.key -connect www.example.com:443
openssl verify -verbose -CAFile ca.crt cert.crt
openssl x509 -modulus -noout -in cert.crt | openssl md5
openssl rsa -modulus -noout -in priv.key | openssl md5
openssl version can be found by using SSLeay_version in libcrypto.so, and this function can be found for example directly by using dlsym in the library libcrypto.so or even dylib. Here is a simple example of code able to do so.
#include <stdio.h>
#include <dlfcn.h>
typedef const char *(*SSLEAY_VERSION)(int t);
int main(int argc, char* argv[])
{
void *lib;
SSLEAY_VERSION SSLeay_version;
/* Sanity check */
if (argc != 2)
{
printf("USAGE: %s /path/to/libcrypto.so\n", argv[0]);
return 1;
}
/* Try to open library given by user */
lib = dlopen(argv[1], RTLD_NOW);
if (lib == NULL)
{
printf("%s\n", dlerror());
return 1;
}
/* Grab the object wanted, here openssl version function */
SSLeay_version = (SSLEAY_VERSION) dlsym(lib, "SSLeay_version");
if (SSLeay_version == NULL)
{
printf("%s\n", dlerror());
dlclose(lib);
return 1;
}
printf("SSL version %s\n", SSLeay_version(0));
/* Clean up */
dlclose(lib);
return 0;
}
Compile this code for example like that and then it is simple to use:
$ gcc -g -o openssl_version openssl_version.c -ldl
$ openssl_version /path/to/libcrypto.[so|dylib]
SSL version OpenSSL 1.0.1h-fips 5 Jun 2014
Actually this trick with dlsym can be used on any functions for any library, just be sure that library dependencies are covered when compiling the code.
Unless otherwise specified, the contents of this website are (C)Copyright Michael Paquier 2010-2025 and are licensed for use under CC BY-NC-ND 4.0.