Table of Contents
- About OpenSSL
- Download OpenSSL
- Installation Instructions
- OpenSSL ZIP Files
- OpenSSL Windows Installer
- OpenSSL Screenshot
- OpenSSL Documentation
- Checking SSL / TLS Certificate Validity with Certify One
- Compiling OpenSSL From Source
- Release Policy
- Source
- Build Script
- Compilation
- Integrating OpenSSL with Your Visual Studio Project
- Additional Include Directories
- Additional Library Directories
- Privilege Escalation Mitigation
- Compatibility and Support Matrix
- License, Warranty, and Support
- Acknowledgments
- Buy SSL / TLS Certificates
About OpenSSL
OpenSSL is a popular open-source, publicly available software library that provides a robust, full-featured set of cryptographic functions and tools to secure communications over computer networks. When we build and ship FireDaemon Certify One, FireDaemon Fusion, and FireDaemon Lozenge we try to ensure it contains the most recent version of OpenSSL. We thought it would be useful to make our OpenSSL Binary Distribution available to you to download and use free of charge. The key advantages of using our OpenSSL Binary Distribution for Microsoft Windows over others that are available are:
- No need to deploy various software tools in order to attempt to compile the source from scratch. Our build script is available for free too if you do want to compile OpenSSL yourself.
- No external dependencies. There is no need to install or distribute the Visual C++ Redistributable Runtime (MSVC). There is an implicit dependency on the Windows Universal C Runtime (UCRT) which is included by default in all modern versions of Microsoft Windows.
- Packaged for simple deployment and use case scenarios including standalone, embeddable, deployable, or portable
- Digitally signed with our Extended Validation (EV) code signing certificate in order to avoid Windows SmartScreen warnings, and increase trust by virtue of Sectigo’s authentication and verification procedures on us: FireDaemon Technologies Limited and validatable binary integrity to meet your compliance requirements.
Download OpenSSL
Pre-compiled executables (EXE) and libraries (DLL) for Microsoft Windows Operating Systems. The distributions can be used standalone or integrated into any Windows application. The EXE and DLL are digitally signed with our Extended Validation (EV) code signing certificate. Note that we do not have an EAR CCL ECCN for our Binary Distributions. This is intentional. You must seek independent legal advice prior to using/integrating/exporting our Binary Distributions in your own products.
|
Download OpenSSL Binary Distributions for Microsoft Windows |
|
|
OpenSSL 3.1.3 ZIP File
September 2023 SHA2-256 19AB74ECFCC724C70978E115130FA1A0779F0F8315E0F3554496331A031C514C Git commit openssl-3.1.3-0-g7b649c73a2 |
OpenSSL 3.1.3 Windows x64 Installer
SHA2-256 C897942F2F319E070DCD0D882149E40B700ACAAA27532CC31439E172B5840DF1 Git commit openssl-3.1.3-0-g7b649c73a2 |
|
OpenSSL 3.0.11 ZIP File
September 2023 SHA2-256 14B0825F8C9885EDC14E205300CA0005B13F5C2162936ABBDAD431258E63F2A0 Git commit openssl-3.0.11-0-g6ba3884c32 |
OpenSSL 1.1.1w ZIP File
SHA2-256 1870B15BF6749E65FFBBADF52CDFF3EE0E9F02943550BF4395574BB432AF3EB8 Git commit OpenSSL_1_1_1w-0-ge04bd3433f |
|
For 64-bit / Win64 / x64 and 32-bit / Win32 / x86 Microsoft Windows Operating Systems To calculate / verify the SHA2-256 checksums please use FireDaemon Lozenge! OpenSSL maintains a list of 3rd-party maintained binary distributions of OpenSSL. Please review our Release Policy before downloading and using this distribution. You must seek independent legal advice prior to using / integrating / exporting our Binary Distributions. |
Installation Instructions
OpenSSL ZIP Files
- Follow the instructions below if you have downloaded one of the ZIP files above and want to deploy OpenSSL manually (e.g. on the local hard disk or on a USB drive for a portable installation)
- Download the appropriate FireDaemon OpenSSL Binary Distribution ZIP file via the links above.
- Unpack the contents of the «openssl-1.1» or «openssl-3» or «openssl-3.1.0» folder in the respective ZIP file to a temporary directory (e.g. C:\Temp)
- Copy the contents of (i.e. the files and directories contained within) the x64 folder or x86 folder to your target directory (e.g. C:\OpenSSL)
- Copy the ssl folder and contents to the target directory (e.g. C:\OpenSSL).
The commands to copy the files correctly from the location where you unpacked the ZIP file (assuming C:\Temp) are as follows:
: For OpenSSL 1.1 cd C:\Temp\openssl-1.1 : For OpenSSL 3.0 and 3.1 cd C:\Temp\openssl-3 : Copy the binaries specific to your platform : Copy 64-bit binaries robocopy x64 C:\OpenSSL /E : Or, copy 32-bit binaries. Don't copy both! robocopy x86 C:\OpenSSL /E : Copy the ssl folder robocopy ssl C:\OpenSSL\ssl /E
Your directory structure should look as follows:
C:\OpenSSL>dir /b bin include lib ssl
To use OpenSSL, simply open an elevated Command Prompt then (adjusting the path in OPENSSL_HOME to suit your manual installation):
: You can set OPENSSL_HOME=%~dp0 in a batch script for portable installs set OPENSSL_HOME=C:\OpenSSL set OPENSSL_CONF=%OPENSSL_HOME%\ssl\openssl.cnf set PATH=%OPENSSL_HOME%\bin;%PATH% cd /d %OPENSSL_HOME% openssl version -a
To create a certificate signing request and private key using the same environment variables as above :
openssl genrsa -out server.key 4096 openssl req -new -key server.key -out server.csr -sha256 openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
OpenSSL Windows Installer
Instead of downloading the ZIP file, and for convenience, you can download our Windows installer via the link above in the «Download OpenSSL» section. Installation is straightforward. OpenSSL is installed into the following file system locations. These locations are specified during the build and follow OpenSSL’s own conventions. Thanks to Advanced Installer for helping us out.
%PROGRAMFILES%\FireDaemon OpenSSL 3 %PROGRAMFILES%\Common Files\FireDaemon SSL 3
You can silently install OpenSSL with the following command in an elevated command prompt:
FireDaemon-OpenSSL-x64-3.1.3.exe /exenoui /exelog fdopenssl3.log /qn /norestart REBOOT=ReallySuppress
You can silently uninstall OpenSSL with the following command in an elevated command prompt:
: Verify Product GUID
wmic product where name="FireDaemon OpenSSL 3" get IdentifyingNumber
: Uninstall silently
msiexec /x {A8B0D50D-F952-49EB-A53A-BDB95BA32284} /quiet /noreboot
OpenSSL Screenshot
Below is a screenshot showing the executed commands at an elevated command prompt:
OpenSSL Documentation
Please refer to OpenSSL’s documentation.
Checking SSL / TLS Certificate Validity with Certify One
FireDaemon Certify One allows you to audit, check, inspect, and validate SSL / TLS certificates and certificate chains. Fortify also has a browser-based TLS Encryption Check Tool available.
Compiling OpenSSL From Source
Release Policy
Whenever we release an updated version of FireDaemon Fusion, FireDaemon Certify One, or OpenSSL gets updated with security fixes, we will provide the latest tagged version of the OpenSSL stable branch. The currently deployed OpenSSL library commit versions are listed underneath the download links above. Commit is described viz:
git describe --always --tag --long --first-parent --dirty
Source
We directly pull from OpenSSL’s official GitHub repository.
Build Script
You can use our build script to create the binary distributions. The build script has the following dependencies:
- Visual Studio Community Edition
- Git for Windows
- Strawberry Perl.
Compilation
The actual command line to build OpenSSL is as follows (where %toolset% is VC-WIN32 and VC-WIN64A respectively):
perl ..\Configure %toolset% no-asm no-ssl3 no-zlib no-comp no-autoload-config --api=1.1.0 --prefix="%installdir%" --openssldir="%commoninstalldir%" -DOPENSSL_NO_DEPRECATED
Integrating OpenSSL with Your Visual Studio Project
To use the headers and libraries present in OpenSSL in your Visual Studio project, you will need to configure the properties of your project.
Additional Include Directories
Prepend «C:\Program Files\FireDaemon Open SSL 3\include»; to Property Pages -> C/C++ -> General -> Additional Include Directories in your project per the screenshot below (adjusting the prepended path to suit your installation):
Additional Library Directories
Prepend «C:\Program Files\FireDaemon Open SSL 3\lib»; to Property Pages -> Linker -> General -> Additional Library Directories in your project per the screenshot below (adjusting the prepended path to suit your installation):
Privilege Escalation Mitigation
When building OpenSSL, the build scripts bake the default location of the library (ie. the installation directory) and the SSL configuration into the final product. By default, OpenSSL automatically loads the SSL configuration file from the default file system location. This leads to an easily exploitable privilege escalation scenario documented in CVE-2019-12572. Our build of OpenSSL mitigates this flaw using the following preventative measures:
- The target directories we have chosen are Windows’ default system program files directories assuming a 64-bit architecture with a shared configuration file directory common to both x64 and x86:
- x64: C:\Program Files\FireDaemon OpenSSL, C:\Program Files\Common Files\FireDaemon SSL
- x86: C:\Program Files (x86)\FireDaemon OpenSSL, C:\Program Files\Common Files\FireDaemon SSL
- To mitigate security holes even on non-default installations, we build the library such that it doesn’t automatically load the SSL configuration. Hence, when using the OpenSSL tools or the DLLs in your products you have to explicitly load the SSL configuration.
- All FireDaemon software products that utilise OpenSSL initialise the OpenSSL library at runtime using a flag that prevents the loading of the default configuration.
Compatibility and Support Matrix
The table below provides a compatibility and support matrix, mapping specific compatible Microsoft Windows operating system versions to specific FireDaemon OpenSSL software versions.
| OpenSSL Versions |
OpenSSL 3.1, 3.0, and 1.1.1 | |
| Windows Operating System Version | 32-bit (x86) | 64-bit (x64) |
| Windows XP (1) | ||
| Windows Vista (1) | ||
| Windows 7 (1) | ||
| Windows 8 (1) | ||
| Windows 8.1 (1) | ||
| Windows 10 | ||
| Windows 11 | ||
| Server 2008 (2) | ||
| Server 2008 R2 (2) | ||
| Server 2012 | ||
| Server 2012 R2 | ||
| Server 2016 | ||
| Server 2019 | ||
| Server 2022 |
(1) Windows Desktop Operating System is End of Support
(2) Windows Server Operating System is End of Support
| Compatible / Supported | The software product is designed to be installed on the Microsoft Windows operating system version. The operating system version plus software version combination is actively supported by us on the proviso that the 32-bit (x86) version is deployed on a 32-bit (x86) operating system and the 64-bit (x64) version is deployed on a 64-bit (x64) operating system. Please see the License, Warranty, and Support section below. |
| Compatible / Unsupported | The software product should install on the Microsoft Windows operating system version. The operating system version plus software version combination is not supported by us. This is typically due to the operating system version reaching End of Support. |
| Incompatible / Unsupported | The software product should not or does not install on the Microsoft Windows operating system version or does not work. The operating system version plus software version combination is not supported by us. |
License, Warranty, and Support
Our OpenSSL Binary Distribution is free to use and redistribute. Product use, redistribution, and warranty are governed by the OpenSSL License. If you have questions regarding OpenSSL, wish to report bugs, or require implementation guidance please consider joining the OpenSSL Community.
Acknowledgments
This product includes:
- Software developed by the OpenSSL Project for use in the OpenSSL Toolkit
- Cryptographic software written by Eric Young
- Software written by Tim Hudson.
Buy SSL / TLS Certificates
Welcome to the OpenSSL Project
OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit
for the Transport Layer Security (TLS) protocol formerly known as the
Secure Sockets Layer (SSL) protocol. The protocol implementation is based
on a full-strength general purpose cryptographic library, which can also
be used stand-alone.
OpenSSL is descended from the SSLeay library developed by Eric A. Young
and Tim J. Hudson.
The official Home Page of the OpenSSL Project is www.openssl.org.
Table of Contents
- Overview
- Download
- Build and Install
- Documentation
- License
- Support
- Contributing
- Legalities
Overview
The OpenSSL toolkit includes:
-
libssl
an implementation of all TLS protocol versions up to TLSv1.3 (RFC 8446). -
libcrypto
a full-strength general purpose cryptographic library. It constitutes the
basis of the TLS implementation, but can also be used independently. -
openssl
the OpenSSL command line tool, a swiss army knife for cryptographic tasks,
testing and analyzing. It can be used for- creation of key parameters
- creation of X.509 certificates, CSRs and CRLs
- calculation of message digests
- encryption and decryption
- SSL/TLS client and server tests
- handling of S/MIME signed or encrypted mail
- and more…
Download
For Production Use
Source code tarballs of the official releases can be downloaded from
www.openssl.org/source.
The OpenSSL project does not distribute the toolkit in binary form.
However, for a large variety of operating systems precompiled versions
of the OpenSSL toolkit are available. In particular, on Linux and other
Unix operating systems, it is normally recommended to link against the
precompiled shared libraries provided by the distributor or vendor.
For Testing and Development
Although testing and development could in theory also be done using
the source tarballs, having a local copy of the git repository with
the entire project history gives you much more insight into the
code base.
The official OpenSSL Git Repository is located at git.openssl.org.
There is a GitHub mirror of the repository at github.com/openssl/openssl,
which is updated automatically from the former on every commit.
A local copy of the Git Repository can be obtained by cloning it from
the original OpenSSL repository using
git clone git://git.openssl.org/openssl.git
or from the GitHub mirror using
git clone https://github.com/openssl/openssl.git
If you intend to contribute to OpenSSL, either to fix bugs or contribute
new features, you need to fork the OpenSSL repository openssl/openssl on
GitHub and clone your public fork instead.
git clone https://github.com/yourname/openssl.git
This is necessary because all development of OpenSSL nowadays is done via
GitHub pull requests. For more details, see Contributing.
Build and Install
After obtaining the Source, have a look at the INSTALL file for
detailed instructions about building and installing OpenSSL. For some
platforms, the installation instructions are amended by a platform specific
document.
- Notes for UNIX-like platforms
- Notes for Android platforms
- Notes for Windows platforms
- Notes for the DOS platform with DJGPP
- Notes for the OpenVMS platform
- Notes on Perl
- Notes on Valgrind
Specific notes on upgrading to OpenSSL 3.0 from previous versions can be found
in the ossl-guide-migration(7ossl) manual page.
Documentation
Manual Pages
The manual pages for the master branch and all current stable releases are
available online.
- OpenSSL master
- OpenSSL 3.0
- OpenSSL 1.1.1
Wiki
There is a Wiki at wiki.openssl.org which is currently not very active.
It contains a lot of useful information, not all of which is up-to-date.
License
OpenSSL is licensed under the Apache License 2.0, which means that
you are free to get and use it for commercial and non-commercial
purposes as long as you fulfill its conditions.
See the LICENSE.txt file for more details.
Support
There are various ways to get in touch. The correct channel depends on
your requirement. See the SUPPORT file for more details.
Contributing
If you are interested and willing to contribute to the OpenSSL project,
please take a look at the CONTRIBUTING file.
Legalities
A number of nations restrict the use or export of cryptography. If you are
potentially subject to such restrictions, you should seek legal advice before
attempting to develop or distribute cryptographic code.
Copyright
Copyright (c) 1998-2023 The OpenSSL Project Authors
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
OpenSSL for Windows 10 PC: Download OpenSSL for Windows 10/8/7 64-bit/32-bit. ✓ Safe and secure download! OpenSSL is one of the most popular Developer Tools apps nowadays! Install OpenSSL latest official version on your PC/laptop for free.
Embed SSL and TLS protocols support into your great projects
Table of Contents
OpenSSL Latest Version Overview
OpenSSL is a very fast, small, compact and innovative Developer Tools for Windows PC. It is designed to be uncomplicated for beginners and powerful for professionals. This app has unique and interesting features, unlike some other Developer Tools apps. OpenSSL works with most Windows Operating System.
OpenSSL is a Developer Tools application like WampServer, Node.js, and PHP from OpenSSL Software Foundation. It has a simple and basic user interface, and most importantly, it is free to download. OpenSSL is an efficient software that is recommended by many Windows PC users.
Although there are many popular Developer Tools software, most people download and install the Freeware version. However, don’t forget to update the programs periodically. You can get OpenSSL free and download its latest version for Windows 10/8/7 PC from below.
OpenSSL Technical Details
It’s better to know the app’s technical details and to have a knowledge about the app. Therefore, you can find out if OpenSSL will work on your Windows device or not.
| App Name: | OpenSSL |
| Developer: | OpenSSL Software Foundation |
| Category | Developer Tools |
| License: | Freeware |
Download OpenSSL for Windows 10 (64/32-bit) PC/laptop
Download OpenSSL (latest version) free for Windows 10 (64-bit and 32-bit) PC/laptop/tablet. Safe Download and Install from the official link!
OpenSSL 64-bit and 32-bit download features:
- Compatible with Windows 10 64-bit and 32-bit
- OpenSSL direct, free and safe download
- Latest version update
- Download OpenSSL for your PC or laptop
OpenSSL Setup Installer
Download & install the latest offline installer version of OpenSSL for Windows PC / laptop. It works with both 32-bit & 64-bit versions of Windows 10/8/7.
✓ OpenSSL 1.1.1d (32-bit)
✓ OpenSSL 1.1.1d (64-bit)
What is New in the OpenSSL Latest Version?
✓ Compatibilities improvement for new Windows update.
✓ Fixes bugs.
Best OpenSSL Alternative Apps for Windows
Isn’t OpenSSL what you were looking for? We prepared a list of alternatives below!
- Xojo
- Firebird
- ThinApp
- Paradigm
- Altova XMLSpy
Xojo
Firebird
ThinApp
Paradigm
Altova XMLSpyXojo, Firebird, and ThinApp is the strong competitor of OpenSSL. Otherwise, Paradigm and Altova XMLSpy also quite good as the alternative of this software. There are also other similar apps such as PHP, Node.js, and WampServer that also need to try if you want to find the best alternative of OpenSSL.
In Conclusion
The OpenSSL for Windows PC is unquestionably the best Developer Tools that you can find nowadays. It also is the most reliable when it comes to performance and stability. You can find that out for yourself. That is why a lot of PC users recommend this app.
Get superb and impressive experience using this OpenSSL application developed by OpenSSL Software Foundation. OpenSSL nowadays are already getting better each time.
If you have some questions related to this app, feel free to leave your queries in the comment section. Or you can share with us your experience when using this OpenSSL on your Windows 10 PC. And if you know other people who want to experience OpenSSL for Windows PC, you can share this article to help them. Enjoy using OpenSSL for Windows PC.
Find other interesting articles that will help you how to download Xojo for Windows 10 PC, install Firebird for Windows 10, ThinApp review, or about best Paradigm alternative apps for Windows 10.
OpenSSL FAQ (Frequently Asked Questions)
Q: What is OpenSSL for PC?
A: For more information about this app, please go to the developer link on the above of this page.
Q: Is this OpenSSL will typically run on any Windows?
A: Yes! The OpenSSL for PC will typically work on most recent Windows operating systems 64-bit and 32-bit.
Q: Is OpenSSL free? If not, how much does it price to download this app?
A: Absolutely no cost! You can download this app from official websites for free by this website—any extra details about the license you can found on the owner’s websites.
Q: What’s the difference between 64-bit and 32-bit versions of OpenSSL?
A: The OpenSSL 64-bit version was specially designed for 64-bit Windows Operating Systems and performed much better on those. The OpenSSL 32-bit version was initially intended for 32-bit Windows Operating Systems, but it can also run on 64-bit Windows Operating Systems.
Q: How do I access the free OpenSSL download for Windows PC?
A: It is easy! Just click the free OpenSSL download button in the above of this page. Clicking the download button will start the installer to download OpenSSL free for a PC/laptop.
Q: What’s the importance of downloading the latest version of OpenSSL?
A: We recommend downloading the latest version of OpenSSL because it has the most recent updates, which improves the quality of the application.
Disclaimer
OpenSSL is an application that builds by OpenSSL Software Foundation. All trademarks, product names, company names, and logos mentioned here are their respective owners’ property. This site (autotechint.com) is not affiliated with them directly. All information about applications, programs, or games on this website has been found in open sources on the Internet.
We don’t host or store OpenSSL on our servers. Downloads are done through the Official Site. We are firmly against piracy, and we do not support any sign of piracy. If you think that the application you own the copyrights is listed on our website and want to remove it, please contact us.
We are always compliant with DMCA regulations and respect the application owners. We are happy to work with you. Please find the DMCA / Removal Request page below.
What is OpenSSL?
OpenSSL is a single-system image clustering system that is open-source. It allows a group of computers to be viewed as a single colossal system, giving programs running on any one machine access to all of the cluster’s resources. [It is the culmination of a long development process that began with the development of LOCUS in the early 1980s.
OpenSSL allows a group of separate computers (nodes) to be regarded as one massive system. Processes running on any node have full access to all node resources.
Functionalities can be automatically transferred from node to node to balance system utilization. Alternatively, the cluster might be set up so that each node has direct access to the file system.
Step 1 Download OpenSSL Binaries
Link to Download OpenSSL binaries files: https://sourceforge.net/projects/openssl/files/
In our article, we are downloading
https://sourceforge.net/projects/openssl/files/openssl-1.0.2j-fips-x86_64/
Step 2 Unpack OpenSSL Zip files
Unpack the content of (openssl-1.0.2j-fips-x86_64.zip) zip file into your desired location in our example we are using (D:\OpenSSL) folder
This comes with three folders (bin, include & lib) as shown in the image
Step 3: Set OpenSSL Path in Windows path
We have extracted OpenSSL files in directory D:\OpenSSL\bin
So our OpenSSL path is D:\OpenSSL\bin
Open explorer and right-mouse click on This PC icon as shown in the image
Under System About window click on the Advanced system settings button
Under the System Property window click on the Environment Variables button
Under the Advanced Environment window select Path and then click on the Edit button
Under the Environment Variable window click on the New button
Paste the path of OpenSSL (D:\OpenSSL\bin) and click the OK button
Step 4: Set System Variable for OPENSSL_CONF
Now to set system variable for OPENSSL_CONF
Click on the New button under the System Variable window
Now add system variable values as given, the path to your openssl.conf file location as shown below, and click on the OK button
Name: OPENSSL_CONF
Value: D:\OpenSSL\bin\openssl.cnf
Now you can see that the system variable is set
For window 10 and 11 you don’t have to restart your system to effect changes, else you need to restart the system
Step5: Test OpenSSL
To test OpenSSL installed properly open the terminal and check the OpenSSL version
cmd: openssl version
If it displays the OpenSSL version then OpenSSL is installed properly.
Important Commands for Open SSL
Creating a Private Key
Private Key is very important it is required for all operations in SSL, this Private key is required to create a CSR file.
openssl genrsa -des3 -out mydomain-com.key 2048It will ask for the password, please keep the password in a safe place because it is required in many places.
1. Create CSR Creating a Certificate Signing Request
CSR file is required to generate an SSL certificate.
This CSR file contains information about the certificate and private key
openssl req -key mydomain-com.key -new -out mydomain-com.csrInformation required by CSR:
Enter pass phrase for mydomain-com.key:
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Haryana
Locality Name (eg, city) []:Gurgaon
Organization Name (eg, company) [Internet Widgits Pty Ltd]:myDomain
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:www.mydomain.com
Email Address []:contact@mydomain.com
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Important: Common Name is the Fully Qualified Domain Name for which you want an SSL certificate.
This CSR file is used by different SSL certificate companies to generate SSL Certificate
Generate Private key and CSR with Single command.
openssl req -newkey rsa:2048 -keyout mydomain-com.key -out mydomain-com.csrCreating a Self-Signed Certificate
A self-Signed Certificate is an SSL certificate is generated by using your own private key, it is not used for commercial purposes because it shows a warning that says the certificate is not trusted.
So self-signed certificate can be used for development and testing purposes.
openssl x509 -signkey mydomain-com.key -in mydomain-com.csr -req -days 365 -out mydomain-com.crt
Convert CRT file to PFX file
The .pfx file is required to install an SSL certificate in the windows system, this file contains Private Key and SSL certificate.
openssl pkcs12 -export -out mydomain-com.pfx -inkey mydomain-com.key -in mydomain-com.crtGenerate SHA265 Key from .crt file
openssl x509 -in mydomain.crt -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64Output:
XXXXXXxxXXXXXXXXXXXXXXXxXXXXxXXXX121XX=Generate PF12 file .crt file
openssl pkcs12 -export -out yourdomain.com.p12 -inkey yourdomain.com.key -in yourdomain.crt -certfile CACert.crtyourdomain.com.key: is the key file, it get generated when we create .CSR file
CACert.crt : root certificate, it comes with SSL certificate bundel file.
yourdomain.crt: is the main certificate file
OpenSSL 1.1.1i — криптографическая библиотека с кодом открытого типа «Open source». Она предназначена для работы с протоколами SSL и TLS, а также доступна для платформ Windows и Unix.
Основные возможности
- Поддержка практически всех алгоритмов хеширования, шифрования и электронной подписи.
- Реализация большинства криптографических стандартов.
- Работа с ключами (RSA, DH, DSA) и сертификатами.
- Поддержка сертификатов X.509.
- Формирование приватных ключей CRT и CSR.
- Тестирование соединений: SSL и TLS.
Удобство использования
Библиотеку используют все разработчики WEB-приложений, поскольку она отвечает за безопасность. При создании сайта обязательно необходимо создавать SSL-ключ (файл, позволяющий связать криптографический ключ с доменным именем или сервером). Библиотеку можно использовать для тестирования соединений SSL и TTL.
Специальных приложений для работы с библиотекой в графическом интерфейсе не существует. В этом случае приходится довольствоваться только консольным режимом, в котором требуется вводить команды.
Для новичка, на первый взгляд, покажется все очень сложным, но на самом деле это не так. Для работы с библиотекой в Интернете можно найти множество инструкций и видеоуроков, в которых детально объясняются основные аспекты ее использования.
«Изюминка» библиотеки заключается в открытом коде, в который можно вносить изменения, переписывать и удалять ненужные функции, т. е. создавать свой собственный модуль.
Разработчики рекомендуют скачивать ее с официального сайта. Однако не стоит забывать и о «GitHub» (хранилище, которое IT-специалисты используют для обмена программным кодом).
Достоинства
- Поддержка алгоритмов шифрования, хеширования.
- Работа с сертификатами и электронной подписью.
- Тестирование SSL/TTL-соединений.
- Гибкая настройка параметров создаваемых сертификатов.
- Поддержка CRT и CSR, а также сертификата X.509.
- Работа с ключами RSA, DH и DSA.
- Бесплатная версия.
- Открытый код (можно вносить свои коррективы в исходный программный код библиотеки).
- Высокая степень надежности.
- Реализация всех типов криптографических стандартов.
Недостатки
- Отсутствие графического интерфейса.
- Сложный синтаксис команд для новичков.
Библиотека является неотъемлемой частью каждого WEB-приложения и напрямую связана с его безопасностью. Благодаря открытому коду, ее можно изменить и доработать под свои предпочтения.