Step-by-Step Guide
- Update the Package Index
Open a terminal and update the package index to ensure you have the latest information about available packages:
sudo apt update
- Install OpenSSL
Install OpenSSL using theapt
package manager:
sudo apt install openssl
- Verify OpenSSL Installation
Check the OpenSSL version to ensure it is installed correctly:
openssl version
You should see the OpenSSL version information displayed.
- Generate a Self-Signed Certificate
To generate a self-signed certificate for testing purposes, use the following command:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mydomain.key -out mydomain.crt
This command will create a new private key (mydomain.key
) and a self-signed certificate (mydomain.crt
) valid for 365 days. You will be prompted to enter information such as country, state, locality, organization, and common name (your domain name or IP address).
- View the Certificate
To view the details of the generated certificate, use the following command:
openssl x509 -in mydomain.crt -text -noout
- Generate a Certificate Signing Request (CSR)
If you need to obtain a certificate from a Certificate Authority (CA), generate a CSR:
openssl req -new -key mydomain.key -out mydomain.csr
You will be prompted to enter the same information as when generating a self-signed certificate. The CSR (mydomain.csr
) can then be submitted to a CA for signing.
- Check a CSR
To view the details of the CSR, use the following command:
openssl req -in mydomain.csr -text -noout
- Encrypt a File Using OpenSSL
To encrypt a file using OpenSSL, use theenc
command:
openssl enc -aes-256-cbc -salt -in file.txt -out file.txt.enc
You will be prompted to enter and confirm a password. This command encrypts file.txt
and creates an encrypted file file.txt.enc
.
- Decrypt a File Using OpenSSL
To decrypt a file, use the following command:
openssl enc -aes-256-cbc -d -in file.txt.enc -out file.txt
You will be prompted to enter the password used for encryption. This command decrypts file.txt.enc
and restores the original file.txt
.
- Generate a Private Key
To generate a new private key, use the following command:openssl genpkey -algorithm RSA -out private.key -aes-256-cbc
You will be prompted to enter and confirm a password for the private key. - Generate a Public Key
To extract the public key from the private key, use the following command:bash openssl rsa -pubout -in private.key -out public.key