LinuxCommandLibrary

openssl

Manage and use cryptography tools

TLDR

Display help

$ openssl help

Display help for a specific subcommand
$ openssl help [x509]

Display version
$ openssl version

SYNOPSIS

openssl <command> [<command_options>] [<arguments>]

PARAMETERS

genrsa
    Generates an RSA private key. Essential for creating the cryptographic foundation for digital certificates.

req
    Generates a Certificate Signing Request (CSR) for obtaining a certificate from a Certificate Authority (CA), or creates a self-signed certificate.

x509
    Manages X.509 certificates. Used for displaying certificate content, converting formats, signing new certificates, or verifying existing ones.

pkcs12
    Processes PKCS#12 files (.pfx or .p12), which often bundle a private key and its corresponding certificate chain into a single, password-protected file.

s_client
    Implements a generic SSL/TLS client that can connect to a remote host, providing useful information for debugging SSL/TLS connections.

dgst
    Computes message digests (hashes) of files or data using various cryptographic hash algorithms (e.g., SHA256, MD5).

enc
    Encrypts and decrypts files using various symmetric encryption algorithms (e.g., AES, DES).

verify
    Verifies a certificate chain against a set of trusted certificates.

ciphers
    Lists all supported SSL/TLS cipher suites and their details.

speed
    Performs benchmarks of cryptographic algorithms to measure system performance.
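
Several of the subcommands above (genrsa, req, x509, verify, dgst) chained into one workflow, as an added example that is not part of the original page. The file names and the subject demo.example.test are constructed for illustration, and the rsa subcommand used for the key comparison is not in the list above.

```shell
#!/bin/sh
# Added example; file names and the CN demo.example.test are constructed.

# genrsa + req: create a 2048-bit RSA key and a one-day self-signed cert in $1.
make_demo_cert() {
    ( umask 077   # keep the private key readable by its owner only
      openssl genrsa -out "$1/key.pem" 2048 2>/dev/null &&
      openssl req -new -x509 -sha256 -key "$1/key.pem" \
          -subj "/CN=demo.example.test" -days 1 -out "$1/cert.pem" 2>/dev/null )
}

# Succeed only if the private key $1 and the certificate $2 carry the same
# public key (a check worth running before installing a renewed certificate).
key_matches_cert() {
    k=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# x509 + dgst: SHA-256 fingerprint of the DER-encoded certificate $1.
cert_fingerprint() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

run_demo() {
    dir=$(mktemp -d) || return 1
    make_demo_cert "$dir" || { rm -rf "$dir"; return 1; }
    openssl x509 -in "$dir/cert.pem" -noout -subject -enddate
    # verify: a self-signed certificate is its own trust anchor.
    openssl verify -CAfile "$dir/cert.pem" "$dir/cert.pem"
    key_matches_cert "$dir/key.pem" "$dir/cert.pem" && echo "key matches certificate"
    echo "sha256 fingerprint: $(cert_fingerprint "$dir/cert.pem")"
    rm -rf "$dir"
}

run_demo
```

The key comparison fails closed: an unreadable key or certificate makes key_matches_cert return non-zero instead of comparing two empty strings.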

DESCRIPTION

OpenSSL is a robust, commercial-grade, and full-featured toolkit implementing the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. The `openssl` command-line tool provides a vast array of cryptographic functions, enabling users to perform crucial security-related tasks directly from the terminal. This includes generating cryptographic keys (e.g., RSA, ECC), creating and managing digital certificates (X.509), handling Certificate Signing Requests (CSRs), and encrypting/decrypting data.

It is an indispensable tool for securing network communications, widely used in web servers (for HTTPS), email servers, VPNs, and various client applications. System administrators, developers, and security professionals rely on it for tasks like setting up secure websites, managing Public Key Infrastructure (PKI) elements, and performing cryptographic tests or operations.

CAVEATS

OpenSSL is incredibly powerful but has a steep learning curve due to its extensive functionality and often cryptic command-line interface. Incorrect usage can lead to serious security vulnerabilities. It's crucial to keep your OpenSSL installation updated to patch known security vulnerabilities, such as the infamous Heartbleed bug. Always refer to the specific command's man page for precise options and usage.

MODES OF OPERATION

The openssl command can be used both interactively for complex certificate management and configuration tasks, and in scripts for automation of routine cryptographic operations like key generation or certificate renewal.

CONFIGURATION FILE

Many operations within openssl, especially certificate authority (CA) functions and certificate extensions, are governed by a configuration file, typically openssl.cnf. This file allows for highly customized cryptographic policies and settings.

LIBRARY VS. COMMAND-LINE TOOL

It's important to distinguish that OpenSSL is primarily a cryptographic library (libcrypto and libssl) used by countless applications. The openssl command is the command-line interface to a subset of this library's vast capabilities, making cryptographic functions accessible directly to users and scripts.

HISTORY

The OpenSSL project began in 1998, based on an earlier project called SSLeay developed by Eric A. Young and Tim J. Hudson. It quickly became the dominant open-source implementation of SSL/TLS protocols and cryptographic libraries. Its widespread adoption made it a critical component of global internet infrastructure. A significant event in its history was the discovery of the Heartbleed bug in 2014, a critical vulnerability that highlighted the need for more robust development and auditing of the library. This led to increased funding, scrutiny, and even forks like LibreSSL and BoringSSL, emphasizing its fundamental role in cybersecurity.

SEE ALSO

certbot(1), ssh-keygen(1), ssl(7), x509(3), keytool(1)
