Hits : 7701


Last Edit: 26.03.2020 17:40
Last Edit: 20.03.2016 22:02

OpenSSL :: Tips


Private Key 


$ openssl rsa -in privateKey.key -check
 
$ openssl rsa -in privateKey.key -text  | more

Verify Key Vs Crt


$ openssl rsa -noout -modulus -in priv.key | md5sum
7fadd5006a36cae62a437292e52d40db –
 
$ openssl x509 -noout -modulus -in pub.crt | md5sum 
7fadd5006a36cae62a437292e52d40db  -



View expiration date on a SSL cert:


$ openssl x509 -in <(openssl s_client -connect google.com:443) -noout -enddate
 
$ openssl x509 -in <(openssl s_client -connect balaskas.gr:443 2>/dev/null) -noout -enddate

TLS 


if [ Protocol==TLSv1.2 ] then


$ openssl s_client -connect example.com:443 -tls1_2 -tlsextdebug 2>&1 | grep extension

$ openssl s_client -starttls smtp -crlf -connect localhost:25 | openssl x509 -noout -dates

$ openssl s_client -connect smtp.gmail.com:587 -starttls smtp < /dev/null

x509


$ openssl x509 -text -noout -in <(openssl s_client -connect google.com:443)

$ openssl req -text -noout -verify -in CSR.csr

Expiration


$ export CN='balaskas.gr';
$ openssl x509 -text -in <(openssl s_client -connect ${CN}:443) | grep -E 'Not Before|Not After'

xmpp / jabber

server


$ openssl s_client -connect balaskas.gr:5269  -starttls xmpp < /dev/null

client


$ openssl s_client -showcerts -connect balaskas.gr:5222 -starttls xmpp  </dev/null

imap

imaps


$ openssl s_client -showcerts -connect imap.balaskas.gr:993 -crlf < /dev/null

starttls


$ openssl s_client -showcerts -connect imap.balaskas.gr:143 -starttls imap </dev/null

SMTP

SMTPS


$ openssl s_client -showcerts -connect balaskas.gr:587 -starttls smtp </dev/null

smtps


$ openssl s_client -showcerts -connect balaskas.gr:465 </dev/null | head

TTLS


$ openssl s_client -showcerts -connect balaskas.gr:25 -starttls smtp </dev/null

Convert p7b to x509


$ openssl pkcs7 -print_certs -in example.org.p7b -out example.org.crt

Verify Chain


$ openssl verify -CAfile <(cat /etc/pki/tls/certs/ca-bundle.crt /tmp/certs ) /tmp/hackerspace.crt

DoT 


$ openssl x509 -in <(openssl s_client -connect dot.libredns.gr:853 2>/dev/null) -noout -enddate