cheat sheets.

$ cheat openssl
--- openssl version 2	Thu Nov 19 13:43:12 -0800 2009
+++ openssl version 4	Thu May 27 12:51:22 -0700 2010
@@ -1,40 +1,44 @@
 View a certificate:
   openssl x509 -in mycert.crt -text
 
 Remove passphrase from a key:
   openssl rsa -in server.key -out server-without-passphrase.key
 
 Generate a self-signed cert/key:
   openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout server.key
   -out server.pem
 
 Encrypt and decrypt a single file:
   openssl aes-128-cbc -salt -in file -out file.aes
   openssl aes-128-cbc -d -salt -in file.aes -out file
 
 tar and encrypt a whole directory:
   tar -cf - directory | openssl aes-128-cbc -salt -out directory.tar.aes
   openssl aes-128-cbc -d -salt -in directory.tar.aes | tar -x
 
 tar zip and encrypt a whole directory:
   tar -zcf - directory | openssl aes-128-cbc -salt -out directory.tgz.aes
   openssl aes-128-cbc -d -salt -in directory.tgz.aes | tar -xz
 
 convert a .crt to .pem
   openssl x509 -inform DER -in ca_cert.crt -out ca_cert.pem -outform PEM
- 
+
 print cert info
   openssl x509 -in ca_cert.pem -text -noout
- 
+
 add CA cert to "trusted" (your unix distribution might have a different path to
 configuration). this will add a sym link with the hash as name
   cd /System/Library/OpenSSL/certs
   sudo ln -s ca_cert.pem `openssl x509 -hash -noout -in ca_cert.pem`.0
- 
+
 verify a server cert against a CA
   openssl verify -CApath /System/Library/OpenSSL/certs/ /tmp/securesite.com.pem
- 
+
 connect to a server (CApath to your distro)
   openssl s_client -CApath /System/Library/OpenSSL/certs/certs/ -connect
   securesite.com:443
+
+verify private key match
+  openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
+  openssl rsa -noout -modulus -in server.key | openssl md5
( add new | see all )