SSL, SSH, and encryption blurbs
ssh-keygen
Calculate the SHA256 hash of a public key
ssh-keygen -l -f .ssh/id_rsa.pub -E sha256
Read an ssh private key and output the public key
ssh-keygen -y -f .ssh/id_rsa
openssl
Creating and signing certificates
Generate self-signed certificate in one shot
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365
You can also add -noenc (or the older option -nodes, which was short for "no DES") if you don't want to protect your private key with a passphrase. Otherwise it will prompt you for a password of "at least 4 characters".
Self-signed certificate the long way
# Create a (private) key, 2048 bit RSA
openssl genpkey -out device1.key -algorithm RSA -pkeyopt rsa_keygen_bits:2048
# Create a CSR (certificate signing request) for the certificate
openssl req -new -key device1.key -out device1.csr
# Check the CSR
openssl req -text -in device1.csr -noout
# Self-sign the certificate using the key from step 1 and the CSR from step 2. This signs the certificate with its own private key
openssl x509 -req -days 365 -in device1.csr -signkey device1.key -out device1.crt
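The same steps run without prompts, followed by checks on the result: the certificate carries the public key of device1.key, issuer equals subject, and the signature verifies under the certificate's own key. This is an added example, not part of the original notes; the function names and the CN argument are assumptions.

```sh
#!/bin/sh
# Added example (not from the original notes). Function names and the CN
# argument are assumptions; file names follow the steps above.

# make_selfsigned DIR CN: key -> CSR -> self-signed cert, with no prompts.
make_selfsigned() {
    ms_dir=$1; ms_cn=$2
    # umask 077 so the unencrypted private key is never group/world readable
    ( umask 077
      openssl genpkey -out "$ms_dir/device1.key" -algorithm RSA \
          -pkeyopt rsa_keygen_bits:2048 2>/dev/null ) || return 1
    # -subj supplies the subject so "req" does not ask for it interactively
    openssl req -new -key "$ms_dir/device1.key" -subj "/CN=$ms_cn" \
        -out "$ms_dir/device1.csr" || return 1
    openssl x509 -req -days 365 -in "$ms_dir/device1.csr" \
        -signkey "$ms_dir/device1.key" -out "$ms_dir/device1.crt" 2>/dev/null
}

# check_selfsigned DIR: returns 0 only if key and cert belong together.
check_selfsigned() {
    cs_key=$1/device1.key; cs_crt=$1/device1.crt
    # 1. The cert must carry the public half of the private key.
    cs_kpub=$(openssl pkey -in "$cs_key" -pubout) || return 1
    cs_cpub=$(openssl x509 -in "$cs_crt" -noout -pubkey) || return 1
    [ "$cs_kpub" = "$cs_cpub" ] || { echo "cert does not match key" >&2; return 1; }
    # 2. Self-signed means issuer and subject are the same name.
    cs_subj=$(openssl x509 -in "$cs_crt" -noout -subject) || return 1
    cs_iss=$(openssl x509 -in "$cs_crt" -noout -issuer) || return 1
    [ "${cs_subj#*=}" = "${cs_iss#*=}" ] || { echo "issuer != subject" >&2; return 1; }
    # 3. The signature must verify under the cert's own public key.
    openssl verify -CAfile "$cs_crt" "$cs_crt" >/dev/null 2>&1
}
```

Call it as make_selfsigned /some/dir device1.example and then check_selfsigned /some/dir; a non-zero status from the second call means the key and certificate in that directory do not belong together.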
Testing things with openssl
Open a netcat-like server and client connection. Run each of these in a different terminal session. The server requires generating a key/cert pair first.
openssl s_server -accept localhost:4433 -cert server.crt -key server.key
openssl s_client localhost:4433
Connect via SMTP to a mail server and upgrade the connection to TLS with STARTTLS. This allows you to test a mail server certificate's validity.
openssl s_client -connect my.server:25 -starttls smtp