Formatwandlung eines Zertifikates vom .pem in das .pkcs12 Format
openssl pkcs12 -export -out mycert.p12 \
-inkey $HOME/.globus/userkey.pem \
-in $HOME/.globus/usercert.pem -name „My Certificate“
Formatwandlung eines Host Zertifikates vom .pkcs12 in das .pem Format
openssl pkcs12 -in host.domain.p12 -clcerts -nokeys -out host.domain.cert.pem
openssl pkcs12 -in host.domain.p12 -nocerts -nodes -out host.domain.key.pem
# These files should then be placed in /etc/grid-security and httpd.conf
# modified accordingly. host.domain.cert.pem can safely be world readable
# but host.domain.key.pem must only be readable by root!:
chown root.root host.domain.key.pem
chmod 0400 host.domain.key.pem
Formatwandlung eines Benutzer Zertifikates vom .pkcs12 in das .pem Format
openssl pkcs12 -in export.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem
openssl pkcs12 -in export.p12 -nocerts -out $HOME/.globus/userkey.pem
# The user certificate can safely be world readable, but userkey.pem
# must only be readable by you!
chmod 0400 $HOME/.globus/userkey.pem
Passwort des Private keys ändern
openssl rsa -in $HOME/.globus/userkey.pem -des3
# you will be prompted for the old passphrase, the new passphrase
# and to verify the new passphrase
Informationen aus dem Zertifikat anzeigen.
# viele Informationen
openssl x509 -text -in cert.pem
# Aussteller
openssl x509 -noout -in cert.pem -issuer
# subject
openssl x509 -noout -in cert.pem -subject
# in welchem Zeitraum ist es gültig?
openssl x509 -noout -in cert.pem -dates
# Der Hash wert des Zertifikates
openssl x509 -noout -in cert.pem -hash
# Der MD5 Fingerprint
openssl x509 -noout -in cert.pem -fingerprint
Zertifikat überprüfen
openssl verify cert.pem