openssl - Red Hat Ecosystem Catalog

8.9-13

latest

8.9

Overview

Features

Release categoryDeprecated

Privilege modePrivileged

Download this image

This will require authentication. View other options.

Description

Container with the openssl binary, giving the ability to work with cryptographic keys and certificates needed for web servers. The openssl container provides an openssl command-line tool for using the various functions of the OpenSSL crypto library. Using the OpenSSL tool, you can generate private keys, create certificate signing requests (CSRs), and display certificate information.

Usage

To get the openssl container image on your local system, run the following:

$ podman pull registry.access.redhat.com/ubi8/openssl

To run the openssl command inside the openssl container, run:

$ podman run --rm -v ./mykeys:/keys:z \
registry.access.redhat.com/ubi8/openssl \
<openssl_command>

This command performs the following actions:

The -v ./mykeys:/keys:z option mounts the mykeys folder on the host to the keys folder inside the container. The folder needs to be created if it does not exist already.
This enables sharing the volume content between the container and the host. You can access the content of the keys folder from the mykeys folder on the host even if you exit the container.
The z option is needed to set correct SELinux labels.

Examples of the <openssl_command> are the following:

Generate a private RSA key:

genpkey -algorithm RSA -out key.pem

The default RSA key size is 2048 bits.

Generate a private Elliptic Curve (EC) key:

ecparam -genkey -name prime256v1 -noout -out ec256-key-pair.pem

You have to specify the curve designation to generate an EC key pair.
The EC keys are shorter than RSA keys, providing the same security. The advantages of EC keys are the reduced key size and hence speed.
The JOSE ESxxx signatures require P-256, P-384, and P-521 curves.
You could also use the -name option with secp384r1 or secp521r1 values for 384 or 521-bit key generation, respectively.

Display the certificate:

x509 -noout -text -in /etc/rhsm/ca/redhat-uep.pem

Request the certificate:

req -new -key key.pem -out req.pem

This command generates a certificate request from the private key mykeys/key.pem and saves it into the mykeys/req.pem file.

Verify the certificate:

verify -CAfile root.pem -untrusted intermediate.pem www.example.org.pem

You obtain the root.pem and intermediate.pem files from the Certificate Authority (CA) with this command. Both files are placed in the keys folder.

Products using this container

Red Hat Universal Base Image 8

Red Hat Universal Base Images (UBI) are OCI-compliant container base operating system images with complementary runtime languages and packages that are freely redistributable.

Security

Specifications

Image specifications

The following information was extracted from the dockerfile and other sources.

Canonical image ID	openssl
Summary	OpenSSL Portable Certificate and Signing Container
Description	Container with the openssl binary, giving ability to work with cryptographic keys and certificates needed for web servers.
Provider	Red Hat
Maintainer	SoftwareCollections.org <sclorg@redhat.com>
Repository name	ubi8/openssl
Image version	8.9
Architecture	amd64
GPG Key ID

Packages

Containerfile

Get this image

Terms & conditionsThe Red Hat Universal Base Image is free to deploy on Red Hat or non-Red Hat platforms and freely redistributable. Software vendors and community projects which build on UBI may have additional EULAs which apply to their layered software. Please refer to the End User License Agreement for the Red Hat Universal Base Image for information about use of the Red Hat Universal Base Image and associated software and source code.

Registry tokens

Use a registry service account token to authenticate your container client. This allows you to pull images without using your personal Red Hat credentials, which is recommended for CI/CD pipelines and automated deployments.

Using Podman login

Image identifiers

Manifest List Digest Recommended

Use this digest to pull the image on any supported architecture. It automatically selects the correct image for your system.

Image Digest

Unique identifier for this specific architecture's build. Use only if you need to pin exactly to this specific platform.

Use the following instructions to get images from a Red Hat container registry using your Red Hat login.

Using Podman login

Image identifiers

Manifest List Digest Recommended

Use this digest to pull the image on any supported architecture. It automatically selects the correct image for your system.

Image Digest

Unique identifier for this specific architecture's build. Use only if you need to pin exactly to this specific platform.

Unauthenticated

Use the following instructions to get images from a Red Hat container registry without providing authentication.

Update to new container registryTo support our existing users and users to come, we will be transitioning our product portfolio and customers to a new container registry. The new registry uses standard OAuth mechanisms to provide customers with the ability to configure their systems to pull containerized content using static tokens or their Red Hat login. Customers are encouraged to begin using the new registry as their preferred authentication method.

Using podman

Use the following command(s) from a system with podman installed.

Image identifiers

Manifest List Digest Recommended

Use this digest to pull the image on any supported architecture. It automatically selects the correct image for your system.

Image Digest

Unique identifier for this specific architecture's build. Use only if you need to pin exactly to this specific platform.

Getting source containers

Source code is available for all Red Hat UBI-based images in the form of downloadable containers. Here are a few things you should know about Red Hat source containers.

Although they are packaged as containers, source containers cannot be run. So instead of using podman pull to get them to your system, use the skopeo command.
Source containers are named based on the binary containers they represent. So, for example, to get the source container for a particular standard RHEL UBI 8 container (registry.access.redhat.com/ubi8/ubi8.1-397) you simply append -source to get the source code container for that image (registry.access.redhat.com/ubi8/ubi8.1-397-source).
Once a source container is copied to a local directory, you can use a combination of tar,gzip, and rpm commands to work with that content.

Step one

Use skopeo to copy the source image to a local directory

Step two

Inspect the image

Step three

Untar the contents

Step four

Begin examining and using the content.

8.9-13

latest

8.9

Overview

Features

Release categoryDeprecated

Privilege modePrivileged

Download this image

This will require authentication. View other options.

Description

Usage

To get the openssl container image on your local system, run the following:

$ podman pull registry.access.redhat.com/ubi8/openssl

To run the openssl command inside the openssl container, run:

$ podman run --rm -v ./mykeys:/keys:z \
registry.access.redhat.com/ubi8/openssl \
<openssl_command>

This command performs the following actions:

The -v ./mykeys:/keys:z option mounts the mykeys folder on the host to the keys folder inside the container. The folder needs to be created if it does not exist already.
This enables sharing the volume content between the container and the host. You can access the content of the keys folder from the mykeys folder on the host even if you exit the container.
The z option is needed to set correct SELinux labels.

Examples of the <openssl_command> are the following:

Generate a private RSA key:

genpkey -algorithm RSA -out key.pem

The default RSA key size is 2048 bits.

Generate a private Elliptic Curve (EC) key:

ecparam -genkey -name prime256v1 -noout -out ec256-key-pair.pem

You have to specify the curve designation to generate an EC key pair.
The EC keys are shorter than RSA keys, providing the same security. The advantages of EC keys are the reduced key size and hence speed.
The JOSE ESxxx signatures require P-256, P-384, and P-521 curves.
You could also use the -name option with secp384r1 or secp521r1 values for 384 or 521-bit key generation, respectively.

Display the certificate:

x509 -noout -text -in /etc/rhsm/ca/redhat-uep.pem

Request the certificate:

req -new -key key.pem -out req.pem

This command generates a certificate request from the private key mykeys/key.pem and saves it into the mykeys/req.pem file.

Verify the certificate:

verify -CAfile root.pem -untrusted intermediate.pem www.example.org.pem

You obtain the root.pem and intermediate.pem files from the Certificate Authority (CA) with this command. Both files are placed in the keys folder.

Products using this container

Red Hat Universal Base Image 8

Red Hat Universal Base Images (UBI) are OCI-compliant container base operating system images with complementary runtime languages and packages that are freely redistributable.

Security

Specifications

Image specifications

The following information was extracted from the dockerfile and other sources.

Canonical image ID	openssl
Summary	OpenSSL Portable Certificate and Signing Container
Description	Container with the openssl binary, giving ability to work with cryptographic keys and certificates needed for web servers.
Provider	Red Hat
Maintainer	SoftwareCollections.org <sclorg@redhat.com>
Repository name	ubi8/openssl
Image version	8.9
Architecture	amd64
GPG Key ID

Packages

Containerfile

Get this image

Registry tokens

Using Podman login

Image identifiers

Manifest List Digest Recommended

Use this digest to pull the image on any supported architecture. It automatically selects the correct image for your system.

Image Digest

Unique identifier for this specific architecture's build. Use only if you need to pin exactly to this specific platform.

Use the following instructions to get images from a Red Hat container registry using your Red Hat login.

Using Podman login

Image identifiers

Manifest List Digest Recommended

Use this digest to pull the image on any supported architecture. It automatically selects the correct image for your system.

Image Digest

Unique identifier for this specific architecture's build. Use only if you need to pin exactly to this specific platform.

Unauthenticated

Use the following instructions to get images from a Red Hat container registry without providing authentication.

Using podman

Use the following command(s) from a system with podman installed.

Image identifiers

Manifest List Digest Recommended

Use this digest to pull the image on any supported architecture. It automatically selects the correct image for your system.

Image Digest

Unique identifier for this specific architecture's build. Use only if you need to pin exactly to this specific platform.

Getting source containers

Source code is available for all Red Hat UBI-based images in the form of downloadable containers. Here are a few things you should know about Red Hat source containers.

Although they are packaged as containers, source containers cannot be run. So instead of using podman pull to get them to your system, use the skopeo command.
Source containers are named based on the binary containers they represent. So, for example, to get the source container for a particular standard RHEL UBI 8 container (registry.access.redhat.com/ubi8/ubi8.1-397) you simply append -source to get the source code container for that image (registry.access.redhat.com/ubi8/ubi8.1-397-source).
Once a source container is copied to a local directory, you can use a combination of tar,gzip, and rpm commands to work with that content.

Step one

Use skopeo to copy the source image to a local directory

Step two

Inspect the image

Step three

Untar the contents

Step four

Begin examining and using the content.

opensslDeprecated

Features

Download this image

Description

Usage

See also

Products using this container

Red Hat Universal Base Image 8

Type

Stream

Size

Digest

Category

Image specifications

Registry tokens

Using Podman login

Image identifiers

Red Hat login

Using Podman login

Image identifiers

Unauthenticated

Using podman

Image identifiers

Getting source containers

Step one

Step two

Step three

Step four

Platforms

Products & services

Try, buy, sell

Help

About Red Hat Ecosystem Catalog

Red Hat legal and privacy links

Red Hat legal and privacy links

opensslDeprecated

Features

Download this image

Description

Usage

See also

Products using this container

Red Hat Universal Base Image 8

Type

Stream

Size

Digest

Category

Image specifications

Registry tokens

Using Podman login

Image identifiers

Red Hat login

Using Podman login

Image identifiers

Unauthenticated

Using podman

Image identifiers

Getting source containers

Step one

Step two

Step three

Step four

openssl
Deprecated

openssl
Deprecated