A password often needs to be convert to an MD5 or SHA algorithm using OpenSSL to be paste as hash into a SQL table or into a configuration file such as an XML or JSON file.
This is where the OpenSSL Toolkit can be used to convert a password.
Message-Digest Algorithm 5 (MD5) is a popular cryptographic hash function that calculates a 128-bit hash value from any message. Secure Hash Algorithm (SHA) refers to a group of standardized cryptological hash functions and is used to calculate a check value for any digital data and is, among other things, the basis for creating a digital signature.
How to convert password MD5-based
Fire up an terminal shell (Ctrl+Alt+T) or an command prompt and hitopenssl passwdto convert a password to MD5-based algorithm.
openssl is also available for windows, the article here shows how to do it.
OpenSSL passwd help is available with this command.
openssl passwd --help
Usage: passwd [options] [password]
-help Display this summary
-in infile Read passwords from file
-noverify Never verify when reading password from terminal
-stdin Read passwords from stdin
-quiet No warnings
-table Format output as table
-reverse Switch table columns
-salt val Use provided salt
-6 SHA512-based password algorithm
-5 SHA256-based password algorithm
-apr1 MD5-based password algorithm, Apache variant
-1 MD5-based password algorithm
-aixmd5 AIX MD5-based password algorithm
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
password Password text to digest (optional)
This tutorial show you how to convert a password to SHA or MD5-based algorithm.
We use the versatile OpenSSL Toolkit to convert passwords and key phrases. Under no circumstances you should use one of the many online tools on the web, as there is a risk that your password can be misused for malicious attacks.
Instead of the placeholder use your desired domain name. Upon completion of this process, you will be returned to a command prompt. You will not receive any notification that your CSR was successfully created.
The last file in the command with -out domain.csr contains the CSR we need for the Certificate Authority (CA) and is usually submitted to the certificate issuer after pasting into a form. This will generate the public certificate that you will download.
Yes, you’ll find out that it’s also very easy to do in the command prompt
The process with the inputs in this example shown bellow:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:Quebec
Locality Name (eg, city) :Montreal
Organization Name (eg, company) :Wind Energy Ltd
Organizational Unit Name (eg, section) :Branch Lab
Common Name (e.g. server FQDN or YOUR name) :domain.tld
Email Address :email@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
Instead of the placeholder Country Name, State or Province Name, Locality Name, Organization Name, Organizational Unit Name, Common Name and Email Address use your desired Name, a optional challenge password does not have to be entered.
Let’s explain the command:
– openssl is the command for running OpenSSL.
– req is the OpenSSL utility for generating a CSR.
– -newkey rsa:2048 tells OpenSSL to generate a new 2048-bit RSA private key. If you would prefer a 4096-bit key you can change to 4096.
– -nodes is used to specify that the output of the command should not be encrypted. When this option is used, the private key associated with the certificate is displayed in plain text.
– -keyout domain.key specifies where to save the private key file.
– -out domain.csr specifies where to save the CSR file.
Optionally after generating you can check the SCR as follows:
openssl req -text -noout -verify -in domain.csr
The output looks something like this (abbreviated).
Certificate request self-signature verify OK
Version: 1 (0x0)
Subject: C = CA, ST = Quebec, L = Montreal, O = Wind Energy Ltd, OU = Branch lab, CN = domain.tld, emailAddress = firstname.lastname@example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
do not change the content of the CSR file, including the text BEGIN to END CERTIFICATE REQUEST with the bindings must be transmitted unchanged to the certificate authority issuer.
How to convert a .crt to the .pfx (PKCS#12) format
Windows services commonly use the PFX and PKCS12 format, like IIS and Microsoft Exchange Server use PFX (Personal Information Exchange) PKCS 12 certificates, here the x509 PEM certificates can be converted to PFX Certificate (.pfx) Format, how doing will show the following command:
A self-signed certificate domain.crt is created vaild for 10 years that’s signed with its own private key. It can be used to encrypt data just as well as CA-signed certificates, but you and your users will be shown a warning that says the certificate isn’t trusted, but you can solve that too.
In this tutorial you will learn how easy it is to manually deploy a X.509 certificate signing request (CSR) on Linux and Windows using OpenSSL. As the OpenSSL versatile toolkit is very widely used in many devices and applications, so it provide us numerous possibilities as shown in this article.
Yes, you’ll find out that it’s also very easy to do in the command prompt.