openssl Command Reference for CI Scripts
openssl is a toolbox for hashing, random data, certificates, and TLS connections.
openssl covers the crypto odds and ends in a pipeline: generating random tokens, hashing, signing, inspecting certificates, and probing a TLS endpoint before a deploy.
Common flags/usage
- openssl rand -hex N: generate N random bytes as hex
- openssl dgst -sha256: hash a file or stream
- openssl x509 -in cert.pem -noout -dates: inspect a certificate
- openssl s_client -connect host:443: probe a TLS endpoint
- openssl enc -aes-256-cbc: symmetric encrypt/decrypt
Example
shell
TOKEN=$(openssl rand -hex 24)
echo | openssl s_client -connect "${HOST}:443" -servername "${HOST}" 2>/dev/null \
| openssl x509 -noout -enddateIn CI
openssl rand -hex is a quick way to mint a unique nonce or temp password. openssl s_client piped into openssl x509 -noout -enddate checks an expiring TLS cert before a deploy. Note s_client waits for input, so feed it echo | (or -prefer pre-close) so it does not hang a non-interactive job.
Key takeaways
- openssl rand -hex N mints random tokens and nonces.
- Pipe s_client into x509 -noout -enddate to check cert expiry pre-deploy.
- Feed s_client from echo | so it does not block a non-interactive job.
Related guides
sha256sum Command Reference for CI Scriptssha256sum computes and verifies checksums in CI for download integrity. Reference for -c verify mode, --statu…
base64 Command Reference for CI Scriptsbase64 encodes and decodes data for transporting secrets in CI. Reference for -d, -w0, and stdin usage, plus…
curl Command Reference for CI Scriptscurl transfers data over HTTP(S) in CI scripts. Reference for -f, -sS, -L, -o, and --retry so downloads fail…
ssh-keyscan Command Reference for CI Scriptsssh-keyscan fetches a host\u2019s public keys to pre-seed known_hosts in CI. Reference for -H, -t, -p, and th…