openssl - Red Hat Ecosystem Catalog

9.3-14

latest

9.3

Overview

Description

Container with the openssl binary, giving the ability to work with cryptographic keys and certificates needed for web servers. The openssl container provides an openssl command-line tool for using the various functions of the OpenSSL crypto library. Using the OpenSSL tool, you can generate private keys, create certificate signing requests (CSRs), and display certificate information.

Usage

To get the openssl container image on your local system, run the following:

$ podman pull registry.access.redhat.com/ubi9/openssl

To run the openssl command inside the openssl container, run:

$ podman run --rm -v ./mykeys:/keys:z \
registry.access.redhat.com/ubi9/openssl \
<openssl_command>

This command performs the following actions:

The -v ./mykeys:/keys:z option mounts the mykeys folder on the host to the keys folder inside the container. The folder needs to be created if it does not exist already.
This enables sharing the volume content between the container and the host. You can access the content of the keys folder from the mykeys folder on the host even if you exit the container.
The z option is needed to set correct SELinux labels.

Examples of the <openssl_command> are the following:

Generate a private RSA key:

genpkey -algorithm RSA -out key.pem

The default RSA key size is 2048 bits.

Generate a private Elliptic Curve (EC) key:

ecparam -genkey -name prime256v1 -noout -out ec256-key-pair.pem

You have to specify the curve designation to generate an EC key pair.
The EC keys are shorter than RSA keys, providing the same security. The advantages of EC keys are the reduced key size and hence speed.
The JOSE ESxxx signatures require P-256, P-384, and P-521 curves.
You could also use the -name option with secp384r1 or secp521r1 values for 384 or 521-bit key generation, respectively.

Display the certificate:

x509 -noout -text -in /etc/rhsm/ca/redhat-uep.pem

Request the certificate:

req -new -key key.pem -out req.pem

This command generates a certificate request from the private key mykeys/key.pem and saves it into the mykeys/req.pem file.

Verify the certificate:

verify -CAfile root.pem -untrusted intermediate.pem www.example.org.pem

You obtain the root.pem and intermediate.pem files from the Certificate Authority (CA) with this command. Both files are placed in the keys folder.

Products using this container

Red Hat Universal Base Image 9

Red Hat Universal Base Images (UBI) are OCI-compliant container base operating system images with complementary runtime languages and packages that are freely redistributable.

Containerized application

Security

Technical information

General information

The following information was extracted from the containerfile and other sources.

Summary	OpenSSL Portable Certificate and Signing Container
Description	Container with the openssl binary, giving ability to work with cryptographic keys and certificates needed for web servers.
Provider	Red Hat
Maintainer	SoftwareCollections.org <sclorg@redhat.com>

Technical information

The following information was extracted from the containerfile and other sources.

Repository name	ubi9/openssl
Image version	9.3
Architecture	amd64
Exposed ports	[]

Packages

Containerfile

Get this image

Terms & conditionsThe Red Hat Universal Base Image is free to deploy on Red Hat or non-Red Hat platforms and freely redistributable. Software vendors and community projects which build on UBI may have additional EULAs which apply to their layered software. Please refer to the End User License Agreement for the Red Hat Universal Base Image for information about use of the Red Hat Universal Base Image and associated software and source code.

Using registry tokens

RegistryCopy to Clipboard

RepositoryCopy to Clipboard

Manifest List DigestCopy to Clipboard

Image DigestCopy to Clipboard

Use the following instructions to get images from a Red Hat container registry using registry service account tokens. You will need to create a registry service account to use prior to completing any of the following tasks.

Using OpenShift secrets

First, you will need to add a reference to the appropriate secret and repository to your Kubernetes pod configuration via an imagePullSecrets field.

Copy to Clipboard

Then, use the following from the command line or from the OpenShift Dashboard GUI interface.

Copy to Clipboard

Using podman login

Use the following command(s) from a system with podman installed

Copy to Clipboard

Using docker login

Use the following command(s) from a system with docker service installed and running

Copy to Clipboard

RegistryCopy to Clipboard

RepositoryCopy to Clipboard

Manifest List DigestCopy to Clipboard

Image DigestCopy to Clipboard

Use the following instructions to get images from a Red Hat container registry using your Red Hat login.

Using OpenShift

For best practices, it is recommended to use registry tokens when pulling content for OpenShift deployments.

Using podman login

Use the following command(s) from a system with podman installed

Copy to Clipboard

Using docker login

Use the following command(s) from a system with docker service installed and running

Copy to Clipboard

Unauthenticated

RegistryCopy to Clipboard

RepositoryCopy to Clipboard

Manifest List DigestCopy to Clipboard

Image DigestCopy to Clipboard

Update to new container registryTo support our existing users and users to come, we will be transitioning our product portfolio and customers to a new container registry. The new registry uses standard OAuth mechanisms to provide customers with the ability to configure their systems to pull containerized content using static tokens or their Red Hat login. Customers are encouraged to begin using the new registry as their preferred authentication method.

Use the following instructions to get images from a Red Hat container registry without providing authentication.

Using oc

A container image made to run with OpenShift platforms can either be pulled from the command line or from the OpenShift Dashboard GUI interface.

Copy to Clipboard

Using podman

Use the following command(s) from a system with podman installed

Copy to Clipboard

Using docker

Use the following command(s) from a system with docker service installed and running

Copy to Clipboard

Get the source

RegistryCopy to Clipboard

RepositoryCopy to Clipboard

Manifest List DigestCopy to Clipboard

Image DigestCopy to Clipboard

Getting source containers

Source code is available for all Red Hat UBI-based images in the form of downloadable containers. Here are a few things you should know about Red Hat source containers.

Although they are packaged as containers, source containers cannot be run. So instead of using podman pull to get them to your system, use the skopeo command.
Source containers are named based on the binary containers they represent. So, for example, to get the source container for a particular standard RHEL UBI 8 container (registry.access.redhat.com/ubi8/ubi8.1-397) you simply append -source to get the source code container for that image (registry.access.redhat.com/ubi8/ubi8.1-397-source).
The skopeo command is recommended for getting source containers. With skopeo, you copy a source container to a directory on your local system for you to examine.
Once a source container is copied to a local directory, you can use a combination of tar,gzip, and rpm commands to work with that content.

Step one

Use skopeo to copy the source image to a local directory

Copy to Clipboard

Step two

Inspect the image

Copy to Clipboard

Step three

Untar the contents

Copy to Clipboard

Step four

Begin examining and using the content.

openssl Deprecated

Description

Usage

See also

Products using this container

Red Hat Universal Base Image 9

Published

Release category

Size

Digest

General information

Technical information

Using OpenShift secrets

Using podman login

Using docker login

Using OpenShift

Using podman login

Using docker login

Using oc

Using podman

Using docker

Getting source containers

Step one

Step two

Step three

Step four

Platforms

Products & services

Try, buy, sell

Help

About Red Hat Ecosystem Catalog

Red Hat legal and privacy links

Red Hat legal and privacy links

openssl Deprecated

Description

Usage

See also

Products using this container

Red Hat Universal Base Image 9

Published

Release category

Size

Digest

General information

Technical information

Using OpenShift secrets

Using podman login

Using docker login

Using OpenShift

Using podman login

Using docker login

Using oc

Using podman

Using docker

Getting source containers

Step one

Step two

Step three

Step four