Openssl 1

The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.

  1. Openssl 101
  2. Openssl 1.1.0i Installation Windows
  3. Openssl 1.1.1

3.3.1 About the openssl Command 3.3.1 About the openssl Command The openssl command, which is included in the openssl package, allows you to perform various cryptography functions from the OpenSSL library including: Creating and managing pairs of private and public keys. OpenSSL is a cryptography toolkit implementing the Transport Layer Security (TLS v1) network protocol, as well as related cryptography standards. The openssl program is a command line tool for using the various cryptography functions of openssl 's crypto library from the shell.

The openssl command, which is included in the openssl package, allows you to perform various cryptography functions from the OpenSSL library including:

  • Creating and managing pairs of private and public keys.

  • Performing public key cryptographic operations.

  • Creating self-signed certificates.

  • Creating certificate signing requests (CSRs).

  • Creating certificate revocation lists (CRLs).

  • Converting certificate files between various formats.

  • Calculating message digests.

  • Encrypting and decrypting files.

  • Testing both client-side and server-side TLS/SSL with HTTP and SMTP servers.

  • Verifying, encrypting and signing S/MIME email.

  • Generating and testing prime numbers, and generating pseudo-random data.

The following are some sample openssl commands.

Create a self-signed X.509 certificate that is valid for 365 days, writing the unencrypted private key to prikey.pem and the certificate to cert.pem.

Test a self-signed certificate by launching a server that listens on port 443.

Test the client side of a connection. This command returns information about the connection including the certificate, and allows you to directly input HTTP commands.

Convert a root certificate to a form that can be published on a web site for downloading by a browser.

Extract a certificate from a server.

Display the information contained in an X.509 certificate.

Display the SHA1 fingerprint of a certificate.

Generate a CSR, writing the unencrypted private key to prikey.pem and the request to csr.pem for submission to a CA. The CA signs and returns a certificate or a certificate chain that authenticates your public key.

Openssl 1

Display the information contained in a CSR.

Verify a certificate including the signing authority, signing chain, and period of validity.

Display the directory that holds information about the CAs trusted by your system. By default, this directory is /etc/pki/tls. The /etc/pki/tls/certs subdirectory contains trusted certificates.

Create an SHA1 digest of a file.

Sign the SHA1 digest of a file using the private key stored in the file prikey.pem.

Verify the signed digest for a file using the public key stored in the file pubkey.pem.

List all available ciphers.

Encrypt a file using Blowfish.

Decrypt a Blowfish-encrypted file.

Convert a base 64 encoded certificate (also referred to as PEM or RFC 1421) to binary DER format.

Convert the base 64 encoded certificates for an entity and its CA to a single PKCS7 format certificate.

For more information, see the openssl(1), ciphers(1), dgst(1), enc(1), req(1), s_client(1), s_server(1), verify(1), and x509(1) manual pages.

Openssl 101

Copyright © 2013, 2021, Oracle and/or its affiliates. Legal Notices

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. For more information about the team and community around the project, or to start making your own contributions, start with the community page. To get the latest news, download the source, and so on, please see the sidebar or the buttons at the top of every page.

OpenSSL is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.

For a list of vulnerabilities, and the releases in which they were found and fixes, see our Vulnerabilities page.

Latest News

Openssl 1.1.0i Installation Windows

DateItem
06-May-2021Alpha 16 of OpenSSL 3.0 is now available: please download and test it
22-Apr-2021Alpha 15 of OpenSSL 3.0 is now available: please download and test it
08-Apr-2021Alpha 14 of OpenSSL 3.0 is now available: please download and test it
25-Mar-2021OpenSSL 1.1.1k is now available, including bug and security fixes
11-Mar-2021Alpha 13 of OpenSSL 3.0 is now available: please download and test it
More...

Legalities

Openssl 1.1.1

Please remember that export/import and/or use of strongcryptography software, providing cryptography hooks, or even justcommunicating technical details about cryptography software isillegal in some parts of the world. So when you import thispackage to your country, re-distribute it from there or evenjust email technical suggestions or even source patches to theauthors or other people you are strongly advised to pay closeattention to any laws or regulations which apply toyou. The authors of OpenSSL are not liable for any violationsyou make here. So be careful, it is your responsibility.