OpenSSL Howto's
The de-facto standard implementation of SSL is OpenSSL. Matured over the past years, it is the base for security layer implementations in communications software. Handling is non-trivial, and in the earlier days documentation was sparse.
Online Certificate Tools
WebCert Online provides a number of freely accessible online tools for certificate management. This is the next best option if no OpenSSL commandline is easily available.
- Certificates, CSR and Key Creation: Live CSR and Key Creation Page
- Cert Signing Request (CSR) Checker: Live WebCert CSR Verification
- Certificate Trust Validation Checker: Live Cert and URL Test/Validation
- PKCS#12 File Creation and Analysis: Live PKCS12 File Conversion Tools
More information about WebCert itself is here.
Misc Items
- Example certificates for verification and testing [Test your Applications]
- How to analyze packets in an SSL encrypted network connection [read article]
- How to use stunnel to provide SSL encryption support for a webserver [read article]
- How to generate S/MIME certificates with WebCert [read article]
The OpenSSL Manuals
- The OpenSSL manual pages for the commandline tools [search manuals]
- The OpenSSL manual pages for the libssl API [search manuals]
- The OpenSSL manual pages for the libcrypto API [search manuals]
OpenSSL API Examples
With OpenSSL's documentation still sparse and incomplete, the following sample programs demonstrate various functions and enable "learning by doing". For additional programs, see also the "demo" directory within the OpenSSL source package.
I wrote the examples below between 2004 and 2016, working under OpenSSL 1.0.x. The OpenSSL API changed from OpenSSL 1.1.x onwards, encapsulating internal structures and requiring the use of new get/set functions. Please note the possible impact.
- How to load and display an SSL private key using OpenSSL libraries in 'C' [read article]
- How to create a PKCS12 cert bundle in 'C' for use with Windows S/MIME [read article]
- How to create an X509 digital certificate from a CSR request in 'C' [read article]
- How to validate an X509 certificate against a CA cert or chain in 'C' [read article]
- How to extract public key data from an X509 digital certificate in 'C' [read article]
- How to extract the serial number from an X509 digital certificate in 'C' [read article]
- How to extract the signature data from an X509 digital certificate in 'C' [read article]
- How to generate the fingerprint hash of an X509 digital certificate in 'C' [read article]
- How to load a list of certificates, and display various subject data in 'C' [read article]
- How to extract certificate extensions from an X509 digital certificate in 'C' [read article]
- How to make a basic SSL/TLS connection and get the server's certificate in 'C' [read article]
- How to create/set the ASN1 date and time for X509 digital certificates in 'C' [read article]
- How to create a new CSR request from an existing X509 digital certificate in 'C' [read article]
- How to add extra/missing OIDs to OpenSSL's internal NID table structure in 'C' [read article]
- How to create and display elliptic curve cryptography (ECC) key pairs in 'C' [read article]
- How to extract and display data from a certificate revocation list (CRL) in 'C' [read article]