OpenSSL Documentation
OpenSSL is a powerful open-source toolkit for implementing secure communication. It provides functionalities such as encryption, decryption, and SSL/TLS protocols. ServBay comes with OpenSSL pre-installed, and this document will detail the installation, configuration, and usage methods of OpenSSL.
Installation and Configuration
Installation
OpenSSL is pre-installed on ServBay, so no additional installation is required.
Configuration
The OpenSSL configuration file is typically located in the /Applications/ServBay/package/common/openssl/3.2 directory (for Intel chips in /Applications/ServBay/package/common/openssl/1.1.1u), with the default configuration file being openssl.cnf. You can modify the configuration file as needed to adjust the behavior of OpenSSL.
Example configuration file content:
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, fully qualified host name)
commonName_max = 64
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true
Basic Usage
OpenSSL provides a rich set of command-line tools for various encryption and certificate management tasks. Here are some basic usage examples:
Generate Private and Public Keys
Generate RSA Private Key
openssl genpkey -algorithm RSA -out private_key.pem
Generate Public Key from Private Key
openssl rsa -pubout -in private_key.pem -out public_key.pem
Generate Certificate Signing Request (CSR)
Generate CSR
openssl req -new -key private_key.pem -out request.csr
Self-Signed Certificate
Generate Self-Signed Certificate
openssl req -x509 -days 365 -key private_key.pem -in request.csr -out certificate.crt
Certificate Management
View Certificate Information
View CSR Information
openssl req -text -noout -verify -in request.csr
View Certificate Information
openssl x509 -text -noout -in certificate.crt
Convert Certificate Format
PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
DER to PEM
openssl x509 -inform der -in certificate.der -out certificate.pem
Encryption and Decryption
Symmetric Encryption
Encrypt File Using AES
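# -pbkdf2 derives the key from the password with PBKDF2 instead of the legacy single-digest default; decryption must use the same option
openssl enc -aes-256-cbc -salt -pbkdf2 -in plaintext.txt -out encrypted.txt
Decrypt File Using AES
openssl enc -d -aes-256-cbc -pbkdf2 -in encrypted.txt -out decrypted.txt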
Asymmetric Encryption
Encrypt File Using Public Key
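# pkeyutl replaces rsautl, which is deprecated since OpenSSL 3.0; OAEP padding is selected explicitly, and the input must be smaller than the RSA key size
openssl pkeyutl -encrypt -pubin -inkey public_key.pem -pkeyopt rsa_padding_mode:oaep -in plaintext.txt -out encrypted.txt
Decrypt File Using Private Key
openssl pkeyutl -decrypt -inkey private_key.pem -pkeyopt rsa_padding_mode:oaep -in encrypted.txt -out decrypted.txt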
Frequently Asked Questions
1. OpenSSL Command Cannot Run
- Solution: Check if OpenSSL is correctly installed and ensure the configuration file path is correct. If the issue persists, refer to the error log for more information.
2. Generated Certificate is Invalid
- Solution: Verify that the certificate request file (CSR) and configuration file information are correct. Make sure all required fields are filled out.
3. Encryption or Decryption Failure
- Solution: Ensure the keys and algorithms being used are correctly matched. Check the input file and output file paths for accuracy.
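For FAQ items 2 and 3, a direct way to confirm that a private key, CSR and certificate belong together is to compare the public key each one carries. The script below is an added example, not part of the ServBay documentation; the function names, the minimal req.cnf and the subject CN "servbay.test" are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: confirm a private key, CSR and certificate carry the same public key.
# File names follow the page; the subject CN "servbay.test" is a constructed sample.

# Print the SHA-256 digest of the public key inside a key, CSR or certificate.
pubkey_digest() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only when all three files share one public key; 2 means unreadable input.
check_match() {
    k=$(pubkey_digest key "$1")  || return 2
    r=$(pubkey_digest csr "$2")  || return 2
    c=$(pubkey_digest cert "$3") || return 2
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Create key, CSR and self-signed certificate in directory $1 with the page's
# commands, made non-interactive by a minimal config (prompt = no).
make_sample() {
    printf '%s\n' '[ req ]' 'distinguished_name = dn' 'prompt = no' \
        '[ dn ]' 'CN = servbay.test' > "$1/req.cnf" &&
    openssl genpkey -algorithm RSA -out "$1/private_key.pem" 2>/dev/null &&
    openssl req -new -config "$1/req.cnf" -key "$1/private_key.pem" \
        -out "$1/request.csr" 2>/dev/null &&
    openssl req -x509 -days 365 -config "$1/req.cnf" -key "$1/private_key.pem" \
        -in "$1/request.csr" -out "$1/certificate.crt" 2>/dev/null
}

# Constructed demo: a matching set, then an unrelated key against the same certificate.
demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d" || { rm -rf "$d"; return 1; }
    openssl genpkey -algorithm RSA -out "$d/other_key.pem" 2>/dev/null
    check_match "$d/private_key.pem" "$d/request.csr" "$d/certificate.crt" \
        && echo "matching set: OK"
    check_match "$d/other_key.pem" "$d/request.csr" "$d/certificate.crt" \
        || echo "other_key.pem does not belong to this certificate"
    rm -rf "$d"
}
demo
```

To check your own files, call check_match with the paths to your key, CSR and certificate; an exit status of 1 means the public keys differ, and 2 means one of the files could not be parsed.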
Summary
OpenSSL is a powerful and flexible toolkit suited for various secure communication and encryption tasks. By following this document, you can learn how to install, configure, and use OpenSSL on ServBay for certificate management and data encryption.