Openssl: Difference between revisions

From Federal Burro of Information
Jump to navigationJump to search
No edit summary
No edit summary
Line 41: Line 41:
== Certificate Verification Tools ==
== Certificate Verification Tools ==


  https://www.sslshopper.com/ssl-checker.html#hostname=wiki.quadratic.net
  https://www.sslshopper.com/ssl-checker.html


  https://www.ssllabs.com/ssltest/
  https://www.ssllabs.com/ssltest/

Revision as of 13:52, 1 June 2020

connect to ssl at the command line:

https:

openssl s_client -connect server:443

smtp tls:

openssl s_client -connect server:25 -starttls smtp

more here: http://www.madboa.com/geek/openssl/


CA or not CA

Web Server Cert:

       X509v3 extensions:
           X509v3 Basic Constraints: critical
               CA:FALSE

CA Cert:

      X509v3 extensions:
          X509v3 Basic Constraints: critical
              CA:TRUE

Supported Cyphers

You are configuring your favourite app that uses openssl libs. You give it a "cyphers string". Am I allowing bad varitions?

openssl ciphers -v TLSv1.2:+TLSv1.1:+SHA384:+SHA256:+SHA1:+MD5

Will spit out a lit of the supported cypher variations.


Matching key with cert

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5

Certificate Verification Tools

https://www.sslshopper.com/ssl-checker.html
https://www.ssllabs.com/ssltest/