OpenSSL User Guide
OpenSSL is a robust open-source toolkit designed to enable secure communications. It offers functions such as encryption, decryption, and the SSL/TLS protocols. ServBay comes pre-packaged with OpenSSL, and this document provides a detailed introduction to its installation, configuration, and usage.
Installation and Configuration
Installation
OpenSSL is included with ServBay by default; no additional installation is required.
Configuration
The OpenSSL configuration file is usually located in /Applications/ServBay/package/common/openssl/3.2 (on Intel-based chips: /Applications/ServBay/package/common/openssl/1.1.1u). The default configuration file is openssl.cnf. You can modify this file as needed to adjust OpenSSL's behavior.
Sample configuration file contents:
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, fully qualified host name)
commonName_max = 64
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true
Basic Usage
OpenSSL provides a rich set of command-line tools for a variety of encryption and certificate management tasks. Here are some fundamental usage examples:
Generate Private and Public Keys
Generate an RSA Private Key
openssl genpkey -algorithm RSA -out private_key.pem
Generate a Public Key from a Private Key
openssl rsa -pubout -in private_key.pem -out public_key.pem
Create a Certificate Signing Request (CSR)
Generate a CSR
openssl req -new -key private_key.pem -out request.csr
Self-Signed Certificates
Generate a Self-Signed Certificate
openssl req -x509 -days 365 -key private_key.pem -in request.csr -out certificate.crt
Certificate Management
View Certificate Information
View CSR Information
openssl req -text -noout -verify -in request.csr
View Certificate Details
openssl x509 -text -noout -in certificate.crt
Convert Certificate Formats
Convert PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
Convert DER to PEM
openssl x509 -inform der -in certificate.der -out certificate.pem
Encryption and Decryption
Symmetric Encryption
Encrypt a File Using AES
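openssl enc -aes-256-cbc -salt -pbkdf2 -in plaintext.txt -out encrypted.txt
Decrypt a File Using AES
openssl enc -d -aes-256-cbc -pbkdf2 -in encrypted.txt -out decrypted.txt
The -pbkdf2 option derives the key from the password with PBKDF2 instead of the legacy single-pass derivation, which current OpenSSL versions warn about. It must be given for both encryption and decryption.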
Asymmetric Encryption
Encrypt a File Using a Public Key
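openssl pkeyutl -encrypt -pubin -inkey public_key.pem -pkeyopt rsa_padding_mode:oaep -in plaintext.txt -out encrypted.txt
Decrypt a File Using a Private Key
openssl pkeyutl -decrypt -inkey private_key.pem -pkeyopt rsa_padding_mode:oaep -in encrypted.txt -out decrypted.txt
The rsautl command is deprecated since OpenSSL 3.0, and pkeyutl replaces it. The same padding mode (OAEP here) must be used on both sides. RSA encrypts only inputs smaller than the key modulus, so use it for short values such as a symmetric key rather than for large files.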
Frequently Asked Questions
1. OpenSSL Command Not Working
- Solution: Ensure that the ServBay environment variables are properly set. If issues persist, try navigating to ServBay's “Settings” → “Command Line Tools,” configure them for zsh and bash respectively, then reopen your terminal.
2. Generated Certificates Are Invalid
- Solution: Verify that the information in your certificate request file (CSR) and configuration file is correct. Be sure all required fields are filled in.
3. Encryption or Decryption Fails
- Solution: Double-check that the keys and algorithms used match correctly. Also, ensure the input and output file paths are accurate.
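One way to run the checks behind FAQ items 2 and 3, as an added example that is not part of ServBay's documentation: it compares the public key inside a private key, a CSR and a certificate, and rejects an expired certificate. The function names and the subject /CN=example.test are assumptions made for the example, and the sample files are constructed in a temporary directory.

```bash
#!/usr/bin/env bash
# Added example (not ServBay's code): confirm that a key, CSR and certificate
# carry the same public key, and that the certificate has not expired.

# SHA-256 of the DER-encoded public key inside a key, CSR or certificate.
pubkey_digest() {
  local pem
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac || return 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Usage: check_triple private_key.pem request.csr certificate.crt
check_triple() {
  local k c x
  k=$(pubkey_digest key  "$1") || { echo "unreadable key: $1"; return 1; }
  c=$(pubkey_digest csr  "$2") || { echo "unreadable CSR: $2"; return 1; }
  x=$(pubkey_digest cert "$3") || { echo "unreadable certificate: $3"; return 1; }
  [ "$k" = "$c" ] || { echo "CSR was not created from this key"; return 1; }
  [ "$k" = "$x" ] || { echo "certificate does not match this key"; return 1; }
  # -checkend 0 exits non-zero when the certificate has already expired
  openssl x509 -in "$3" -noout -checkend 0 >/dev/null || { echo "certificate expired"; return 1; }
  echo "ok: key, CSR and certificate share public key $k"
}

# Constructed sample input: a throwaway key, CSR and self-signed certificate
# built with the commands from this guide (-subj skips the interactive prompts).
make_triple() {
  openssl genpkey -algorithm RSA -out "$1/private_key.pem" 2>/dev/null &&
  openssl req -new -key "$1/private_key.pem" -subj "/CN=example.test" -out "$1/request.csr" &&
  openssl req -x509 -days 365 -key "$1/private_key.pem" -in "$1/request.csr" -out "$1/certificate.crt"
}

dir=$(mktemp -d)
make_triple "$dir"
check_triple "$dir/private_key.pem" "$dir/request.csr" "$dir/certificate.crt"
# A key that did not produce the CSR must be reported as a mismatch.
openssl genpkey -algorithm RSA -out "$dir/other_key.pem" 2>/dev/null
check_triple "$dir/other_key.pem" "$dir/request.csr" "$dir/certificate.crt" || true
rm -rf "$dir"
```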
Conclusion
OpenSSL is a powerful and flexible toolkit for a wide range of secure communication and encryption tasks. With the guidance in this document, you can now install, configure, and use OpenSSL within ServBay for certificate management and data encryption.