revlis.nl
Stash of notes about OSS, OSes, virtualization, dev hobby projects &c
November 25, 2016 — 21:26
List deleted open files (after update):
lsof | grep -i libssl | grep DEL | awk '{print $1}' | sort | uniq
Generate CSR, self signed cert:
openssl genrsa -out rootCA.key 2048
openssl genrsa -des3 -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.pem
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256
View CSR
openssl req -in file.csr -noout -text
View cert fingerprint
openssl x509 -fingerprint -noout -in file.crt -sha256
openssl x509 -fingerprint -noout -in file.crt -sha1
openssl x509 -fingerprint -noout -in file.crt -md5
View ciphers:
openssl ciphers -v 'TLSv1' | sort
Test ciphers:
openssl s_client -connect google.com:443 -cipher "EDH"
openssl s_client -connect google.com:443 -cipher "RC4"
openssl s_client -connect google.com:443 -tls1
openssl s_client -connect google.com:443 -tls1_1
openssl s_client -connect google.com:443 -tls1_2
echo -n | openssl s_client -connect google.com:443
nmap --script ssl-enum-ciphers -p 443
Get fingerprint from live SSL cert (IRC):
echo | openssl s_client -connect efnet.port80.se:6697 |& openssl x509 -fingerprint -noout -sha256
echo | gnutls-cli -p 6697 irc.underworld.no --print-cert | sed -n '/-----BEGIN CERT/,/-----END CERT/p' |& openssl x509 -fingerprint -noout -sha256
Show fingerprint:
openssl x509 -in cert.pem -fingerprint -noout
To change the password of your private key:
openssl rsa -des3 -in ca.key -out ca_new.key
mv ca_new.key ca.key
Verifying that a private key matches a certificate:
openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5
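The modulus comparison above only applies to RSA keys. As an added example (not part of the original notes), the bash function below generalizes the check by comparing the whole public key, so it also covers EC keys, and it never reports a match when a file cannot be parsed. The function names, file names and the CN are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes. All file names are constructed.

# Exit 0 if the private key belongs to the certificate, 1 if it does not,
# 2 if either file cannot be parsed. Compares the full public key, so it
# also works for EC keys, which have no RSA modulus.
key_matches_cert() {
    local cert="$1" key="$2" cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    # Two empty strings must never count as a match.
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Build constructed sample material: an RSA key with a short-lived
# self-signed certificate, plus an unrelated EC key.
make_samples() {
    local dir="$1"
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$dir/server.key" -sha256 -days 1 \
        -subj "/CN=example.test" -out "$dir/server.pem" 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout \
        -out "$dir/other.key" 2>/dev/null
}

demo() {
    local dir
    dir=$(mktemp -d) || return 2
    make_samples "$dir"
    key_matches_cert "$dir/server.pem" "$dir/server.key" \
        && echo "server.key: match" || echo "server.key: NO match"
    key_matches_cert "$dir/server.pem" "$dir/other.key" \
        && echo "other.key: match" || echo "other.key: NO match"
    rm -rf "$dir"
}
demo
```
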
Get the MD5 fingerprint of a certificate using OpenSSL
openssl dgst -md5 certificate.der
Get the MD5 fingerprint of a CSR using OpenSSL
openssl dgst -md5 csr.der
Debug SMTP/STARTTLS:
openssl s_client -debug -starttls smtp -crlf -connect localhost:25