Fork me on GitHub
Permalink: 05/20/15, 17:05 by k0ste in misc tags: ssl nginx openssl tls

Remove password from key

openssl rsa -in server.key.orig -out server.key

Merge all chain in one file

After this you can use this no only with Nginx, with full-chain work fine dovecot and postfix.

cat server.crt.orig intermediate1.crt intermediate2.crt > server.ru.pem

Make Pins for HPKP Header

Leaked from RFC7469:

openssl x509 -noout -in certificate.pem -pubkey | \
openssl asn1parse -noout -inform pem -out public.key

openssl dgst -sha256 -binary public.key | openssl enc -base64

Generate Diffie–Hellman key

openssl dhparam -out dhparam.pem 4096