OpenSSL

Settings related to generating keys, requests and self-signed certificates.

The req section is responsible for the DN prompts. A general misconception is the Common Name (CN) prompt, which suggests that it should have the user's proper name as a value. End-user certificates need to have the machine hostname as CN, whereas CA should not have a valid TLD, so that there is no chance that, between the possible combinations of certified end-users' CN and the CA certificate's, there is a match that could be misinterpreted by some software as meaning that the end-user certificate is self-signed. Some CA certificates do not even have a CN, such as Equifax:

$ openssl genpkey -algorithm x25519 -out file

$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out file

With , which supersedes genrsa according to :

$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:keysize -out file

If an encrypted key is desired, use the option.

Use :

$ openssl req -new -sha256 -key private_key -out filename

$ openssl req -key private_key -x509 -new -days days -out filename

You can combine the above command in OpenSSL into a single command which might be convenient in some cases:

$ openssl req -x509 -newkey rsa:4096 -days days -keyout key_filename -out cert_filename

See Diffie–Hellman key exchange for more information.

Current best practice is to use one of the standard DH groups from RFC:7919, eg. ffdhe2048.

Alternatively you can generate a random group of your own:

$ openssl dhparam -out filename 2048

$ openssl x509 -text -in cert_filename

$ openssl x509 -noout -in cert_filename -fingerprint -digest

-digest is optional and one of , -sha1, , or . See "-digest" in for when the digest is unspecified.

Use to convert certificates from binary (DER) format to PEM format (the text format with headers)：

$ openssl x509 -inform DER < myCA.crt > myCA_pem.crt

OpenSSL 1.1.0 changed the default digest algorithm for the dgst and enc commands from MD5 to SHA256.

Therefore if a file has been encrypted using OpenSSL 1.0.2 or older, trying to decrypt it with an up to date version may result in an error like:

error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:540

Supplying the option should solve the issue:

$ openssl enc -d -md md5 -in encrypted -out decrypted

In Python 3.10 by default there is a hardcoded list of allowed OpenSSL ciphers. Some of the less secure, like MD5, have been disabled at the module level, ignoring the system-wide configuration of OpenSSL. It results sometimes in strange errors on older certificates, sometimes even when establishing connections, like:

requests.exceptions.SSLError: HTTPSConnectionPool(host='a.kind.of.example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(398, '[SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3862)')))

To make Python follow the system configuration, you may have to rebuild it, adding --with-ssl-default-suites=openssl parameter to . The issue has been also reported as FS#73549.