How to use openssl for certificates and encryption

· Category: Linux

Short answer

OpenSSL is a versatile toolkit for cryptography, including certificates, keys, and file encryption.

Steps

  1. Generate a private key:
openssl genrsa -out key.pem 2048
  1. Create a CSR:
openssl req -new -key key.pem -out csr.pem
  1. Self-signed certificate:
openssl req -x509 -key key.pem -out cert.pem -days 365
  1. Encrypt a file:
openssl enc -aes-256-cbc -salt -in file.txt -out file.txt.enc

Tips

  • Protect private keys with strong passphrases.
  • Use -nodes only if you need an unencrypted key (not recommended).
  • Verify certificates with openssl s_client -connect host:443.

Common issues

  • Passphrase prompts in automation: use secure secret management instead of plaintext.
  • Weak ciphers: always use modern algorithms and key sizes.