Skip to content
Latchkey

openssl Command Reference for CI Scripts

openssl is a toolbox for hashing, random data, certificates, and TLS connections.

openssl covers the crypto odds and ends in a pipeline: generating random tokens, hashing, signing, inspecting certificates, and probing a TLS endpoint before a deploy.

Common flags/usage

  • openssl rand -hex N: generate N random bytes as hex
  • openssl dgst -sha256: hash a file or stream
  • openssl x509 -in cert.pem -noout -dates: inspect a certificate
  • openssl s_client -connect host:443: probe a TLS endpoint
  • openssl enc -aes-256-cbc: symmetric encrypt/decrypt

Example

shell
TOKEN=$(openssl rand -hex 24)
echo | openssl s_client -connect "${HOST}:443" -servername "${HOST}" 2>/dev/null \
  | openssl x509 -noout -enddate

In CI

openssl rand -hex is a quick way to mint a unique nonce or temp password. openssl s_client piped into openssl x509 -noout -enddate checks an expiring TLS cert before a deploy. Note s_client waits for input, so feed it echo | (or -prefer pre-close) so it does not hang a non-interactive job.

Key takeaways

  • openssl rand -hex N mints random tokens and nonces.
  • Pipe s_client into x509 -noout -enddate to check cert expiry pre-deploy.
  • Feed s_client from echo | so it does not block a non-interactive job.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →