Last Edit: 26.03.2020 17:40
Last Edit: 20.03.2016 22:02

OpenSSL :: Tips


Contents

  • TLS 
  • x509
  • xmpp / jabber
  • imap
  • SMTP
  • Convert p7b to x509
  • Verify Chain
  • DoT 

  • Private Key 


    $ openssl rsa -in privateKey.key -check
     
    $ openssl rsa -in privateKey.key -text  | more

    Verify Key Vs Crt


    $ openssl rsa -noout -modulus -in priv.key | md5sum
    7fadd5006a36cae62a437292e52d40db  -
     
    $ openssl x509 -noout -modulus -in pub.crt | md5sum 
    7fadd5006a36cae62a437292e52d40db  -
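
The modulus comparison above only applies to RSA keys. As an added example (not from the original page), the script below compares the whole public key of the private key and the certificate, which also covers EC keys. The helper names `key_matches_cert`, `make_pair` and `demo`, the file names and the `example.test` subjects are assumptions, and the key pairs are constructed test material.

```shell
#!/bin/sh
# Added example, not from the original page. -modulus exists only for RSA, so
# compare the whole public key (SubjectPublicKeyInfo) of key and certificate.

# key_matches_cert KEY CERT -> 0 match, 1 mismatch, 2 unreadable input
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ -n "$crt_pub" ] || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# make_pair DIR NAME ALG -> constructed key + self-signed cert (hypothetical helper)
make_pair() {
    case "$3" in
        rsa) openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
                 -out "$1/$2.key" 2>/dev/null ;;
        ec)  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
                 -out "$1/$2.key" 2>/dev/null ;;
        *)   return 2 ;;
    esac &&
    openssl req -x509 -new -key "$1/$2.key" -subj "/CN=$2.example.test" \
        -days 1 -out "$1/$2.crt" 2>/dev/null
}

# demo: matching RSA pair, matching EC pair, then a deliberate mismatch
demo() {
    d=$(mktemp -d) || return 1
    make_pair "$d" rsa rsa && make_pair "$d" ec ec || { rm -rf "$d"; return 1; }
    for pair in rsa:rsa ec:ec rsa:ec; do
        key="$d/${pair%%:*}.key"; crt="$d/${pair##*:}.crt"
        key_matches_cert "$key" "$crt" && verdict="match" || verdict="NO MATCH"
        echo "${pair%%:*}.key vs ${pair##*:}.crt: $verdict"
    done
    rm -rf "$d"
}

demo
```

A return code of 2 keeps an unreadable key or certificate from being reported as a match, which a plain hash comparison of two empty outputs would do.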





    View expiration date on an SSL cert:

    $ openssl x509 -in <(openssl s_client -connect google.com:443) -noout -enddate
     
    $ openssl x509 -in <(openssl s_client -connect balaskas.gr:443 2>/dev/null) -noout -enddate

    TLS 


    If the protocol is TLSv1.2, list the TLS extensions seen in the handshake:

    $ openssl s_client -connect example.com:443 -tls1_2 -tlsextdebug </dev/null 2>&1 | grep extension



    $ openssl s_client -starttls smtp -crlf -connect localhost:25 </dev/null | openssl x509 -noout -dates



    $ openssl s_client -connect smtp.gmail.com:587 -starttls smtp < /dev/null


    x509


    $ openssl x509 -text -noout -in <(openssl s_client -connect google.com:443)


    $ openssl req -text -noout -verify -in CSR.csr



    Expiration


    $ export CN='balaskas.gr';
    $ openssl x509 -text -in <(openssl s_client -connect ${CN}:443) | grep -E 'Not Before|Not After'

    xmpp / jabber

    server


    $ openssl s_client -connect balaskas.gr:5269  -starttls xmpp < /dev/null

    client


    $ openssl s_client -showcerts -connect balaskas.gr:5222 -starttls xmpp  </dev/null




    imap

    imaps


    $ openssl s_client -showcerts -connect imap.balaskas.gr:993 -crlf < /dev/null


    starttls



    $ openssl s_client -showcerts -connect imap.balaskas.gr:143 -starttls imap </dev/null


    SMTP

    submission


    $ openssl s_client -showcerts -connect balaskas.gr:587 -starttls smtp </dev/null

    smtps


    $ openssl s_client -showcerts -connect balaskas.gr:465 </dev/null | head

    starttls


    $ openssl s_client -showcerts -connect balaskas.gr:25 -starttls smtp </dev/null


    Convert p7b to x509


    $ openssl pkcs7 -print_certs -in example.org.p7b -out example.org.crt


    Verify Chain


    $ openssl verify -CAfile <(cat /etc/pki/tls/certs/ca-bundle.crt /tmp/certs ) /tmp/hackerspace.crt


    DoT 


    $ openssl x509 -in <(openssl s_client -connect dot.libredns.gr:853 2>/dev/null) -noout -enddate