Hits : 5445
Last Edit: 20.03.2016 22:02

OpenSSL :: Tips


Private Key 


~> openssl rsa -in privateKey.key -check

~> openssl rsa -in privateKey.key -text  | more

Verify Key Vs Crt


~> openssl rsa -noout -modulus -in priv.key | md5sum
7fadd5006a36cae62a437292e52d40db -

~> openssl x509 -noout -modulus -in pub.crt | md5sum 
7fadd5006a36cae62a437292e52d40db  -




View expiration date on a SSL cert:


~> openssl x509 -in <(openssl s_client -connect google.com:443) -noout -enddate
 
~> openssl x509 -in <(openssl s_client -connect balaskas.gr:443 2>/dev/null) -noout -enddate

TLS 


if [ Protocol==TLSv1.2 ] then


~> openssl s_client -connect example.com:443 -tls1_2 -tlsextdebug 2>&1 | grep extension

~> openssl s_client -starttls smtp -crlf -connect localhost:25 | openssl x509 -noout -dates

~> openssl s_client -connect smtp.gmail.com:587 -starttls smtp < /dev/null

x509


~> openssl x509 -text -noout -in <(openssl s_client -connect google.com:443)

~> openssl req -text -noout -verify -in CSR.csr

Expiration


~> export CN='balaskas.gr';
~> openssl x509 -text -in <(openssl s_client -connect ${CN}:443) | grep -E 'Not Before|Not After'

xmpp / jabber

server


~> openssl s_client -connect balaskas.gr:5269  -starttls xmpp < /dev/null

client


~> openssl s_client -showcerts -connect balaskas.gr:5222 -starttls xmpp  </dev/null

imap

imaps


~> openssl s_client -showcerts -connect imap.balaskas.gr:993 -crlf < /dev/null

starttls


~> openssl s_client -showcerts -connect imap.balaskas.gr:143 -starttls imap </dev/null

SMTP

SMTPS


~> openssl s_client -showcerts -connect balaskas.gr:587 -starttls smtp </dev/null

smtps


~~>  openssl s_client -showcerts -connect balaskas.gr:465 </dev/null | head

TTLS


~> openssl s_client -showcerts -connect balaskas.gr:25 -starttls smtp </dev/null

Convert p7b to x509


openssl pkcs7 -print_certs -in example.org.p7b -out example.org.crt


Verify Chain


openssl verify -CAfile <(cat /etc/pki/tls/certs/ca-bundle.crt /tmp/certs ) /tmp/hackerspace.crt