xct's notes

Keys & Signing


Create key and csr

openssl req -newkey rsa:4096 -keyout <user key> -out <user csr> -nodes -days 365 -subj "/CN=<name>"`

Sign csr with ca

openssl x509 -req -in <user csr> -CA <ca cert> -CAkey <ca key> -out <signed user cert> -set_serial 01 -days 365

Convert to pkcs12 for use in browsers as client certificate

openssl pkcs12 -export -clcerts -in <signed user cert> -inkey <user key> -out <user>.p12

Check key infos

openssl rsa -pubin -inform PEM -text -noout < public.key

Decrypt file with key

openssl rsautl -inkey key.priv -decrypt -in file.enc


Convert putty ppk to openssh rsa

puttygen private.ppk -O private-openssh -o private.ssh