• Hello Universe!

    Welcome to Dev-Doc-Ops!

    It’s a space for Engineering Technologists, focusing on how to work with modular, open-source, & service-oriented architectural building-blocks, to create modern platforms for digital services.

    Core interests & practices:

    Public cloud hosting (mainly AWS), Microservices/SOA/REST API, DevOps delivery, Agile/SCRUM ways of working, Cyber Security/DevSecOps practices, GitOps.

    There are likely to be posts on other interesting topics too; the common thread being technology & engineering.

  • Tech Bookshelf

    Read(ing) it. Recommend it.

    The Phoenix Project – Gene Kim et al.

    Site Reliability Engineering – Beyer et al.

    DevSecOps – Glenn Wilson.

    Scrum Master – Joe Justice.

    The Singularity Is Near – Ray Kurzweil.

  • Working with Digital Certificates

    On Ubuntu 20.

    Digital certificates are a fundamental part of modern security. They assist in proving authenticity, meaning they help prove that something, or someone, is who they claim to be.

    File Formats (PFX & PKCS #12)


    Certificates are stored and transferred as files.

    Wikipedia explains the file types well: 


    “In cryptography, PKCS #12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.”


    “PKCS #12 is the successor to Microsoft’s “PFX”; however, the terms “PKCS #12 file” and “PFX file” are sometimes used interchangeably.”

    – https://en.wikipedia.org/wiki/PKCS_12 


    View File Contents 


    certutil -dump filename.pfx 

    openssl.exe pkcs12 -info -in c:\temp\cert.pfx 

    # For help: openssl pkcs12 -help 


    Extract Certificate 


    # -clcerts = only output client certificate 

    openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt] 


    # -cacerts = only output CA certificates 

    openssl pkcs12 -in [yourfile.pfx] -cacerts -nokeys -out [drlive.bundle]


    Extract Private Key 


    openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key]

    # Remove the passphrase; the output key is stored unencrypted, so restrict access to the file
    openssl rsa -in [drlive.key] -out [drlive-decrypted.key]



    Create Intermediate Certificate Bundle 


    From PFX file: 

    # -cacerts = only output CA certificates 

    openssl pkcs12 -in [yourfile.pfx] -cacerts -nokeys -out [drlive.bundle]


    From CRT files: 



    Check Certificate 


    openssl x509 -in certname.crt -text -noout 


    Check Key 


    openssl rsa -in keyname.decrypted.key -check 


    Check Key Matches Certificate 


    The two MD5 digests should match (this modulus comparison applies to RSA keys):

    openssl x509 -noout -modulus -in certname.crt | openssl md5 

    openssl rsa -noout -modulus -in keyname.decrypted.key | openssl md5 

    Test a Live Site Certificate 

    openssl s_client example.com:443
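
The extract and key-match steps above, combined into one non-interactive script. This is an added example, not code from the original post. It goes beyond the modulus check by comparing the public keys themselves, so it also works for EC keys; the function names, file names, CN and password are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. File names, the CN and the
# password are constructed; function names are hypothetical.

# Succeeds only when cert $1 and unencrypted private key $2 carry the same
# public key. Returns 2 when either file cannot be parsed, so two failed
# reads never count as a match.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Build a constructed EC key + self-signed cert in directory $1, bundle them
# as demo.pfx, and create an unrelated key (other.key) for the negative case.
make_demo_pfx() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$1/orig.key" 2>/dev/null &&
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$1/other.key" 2>/dev/null &&
    openssl req -x509 -new -key "$1/orig.key" -subj "/CN=demo.invalid" \
        -days 1 -out "$1/orig.crt" &&
    openssl pkcs12 -export -inkey "$1/orig.key" -in "$1/orig.crt" \
        -out "$1/demo.pfx" -passout pass:constructed-demo
}

# The page's extraction commands, made non-interactive: -passin supplies the
# PFX password and -nodes writes the key unencrypted (protect that file).
extract_pfx() {
    openssl pkcs12 -in "$1/demo.pfx" -clcerts -nokeys -out "$1/out.crt" \
        -passin pass:constructed-demo &&
    openssl pkcs12 -in "$1/demo.pfx" -nocerts -nodes -out "$1/out.key" \
        -passin pass:constructed-demo
}

umask 077   # keep the extracted key readable by the current user only
dir=$(mktemp -d) && make_demo_pfx "$dir" && extract_pfx "$dir" || exit 1
cert_matches_key "$dir/out.crt" "$dir/out.key" && echo "extracted pair: match"
cert_matches_key "$dir/out.crt" "$dir/other.key" || echo "unrelated key: no match"
rm -rf "$dir"
```

`openssl rsa -modulus` fails on a non-RSA key, which is why the comparison here uses `openssl pkey -pubout` instead.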