openssl
Onno W. Purbo, onno@indo.net.id
Page 1: Openssl Onno W. Purbo onno@indo.net.id. Reference   .


Reference

http://www.openssl.org
http://www.linuxdoc.org
http://www.redhat.com


OpenSSL

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.


Private Key


make server.key

[root@linux conf]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -des3 -rand 1024 > server.key
0 semi-random bytes loaded
Generating RSA private key, 512 bit long modulus
...++++++++++++
..++++++++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:


More server.key

[root@linux conf]# more server.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,317BF4C50E1C590B


-----END RSA PRIVATE KEY-----


Private Key

[root@linux conf]# openssl rsa -noout -text -in server.key
read RSA key
Enter PEM pass phrase:
Private-Key: (512 bit)
modulus:
    00:a3:f6:5c:c5:39:72:54:80:41:94:6a:a0:ae:0c:
    7c:eb:d8:ac:f5
publicExponent: 65537 (0x10001)
privateExponent:
    10:08:c2:af:c2:db:6c:6a:12:7f:ba:21:b6:83:9e:
    fa:e3:74:e1
prime1:
    00:d3:a3:99:4f:43:ba:b3:97:a3:bc:58:e3:58:ce:
    c6:9a:ad
prime2:
    00:c6:54:77:29:cf:8d:8c:6a:f0:76:e5:61:db:c3:
    33:ac:69


Testing s_client


S_client

[root@linux conf]# openssl s_client -host localhost -port 443
CONNECTED(00000003)
depth=0 /C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/[email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/[email protected]
verify return:1
---
Certificate chain
 0 s:/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/[email protected]
   i:/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/[email protected]


Command Line


Self-Signed Certificate


S_client ..

---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC9TCCAp+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMCSU
DDAKBgNVBAgTA0RLSTEQMA4GA1UEBxMHSmFrYXJ0YTETMBEGA1UEChMKRnJlZS
Qw4hIPMdJ5eer6qBUaiIl5G9yurxeAOPkSd58OVsmX1KwQIm2kLZtwY=
-----END CERTIFICATE-----
subject=/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/[email protected]
issuer=/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/[email protected]


Who you are..


Issuer / Certificate Authority


S_client ..

---
No client certificate CA names sent
---
SSL handshake has read 1221 bytes and written 314 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 512 bit
SSL-Session:
    Protocol : TLSv1
    Cipher : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: F597E6EEDB4B6C6FADFC7AEDDC0E66F4740E7EB8486F03
    Key-Arg : None
    Start Time: 988936497
    Timeout : 300 (sec)
    Verify return code: 0 (ok)


Master Key
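
Added example (not part of the original slides): a small check that reads `openssl s_client` output and flags the weaknesses visible in the session above, namely the certificate verify error, the 512-bit server key, TLSv1 and the 3DES cipher. The sample input is constructed from lines shown on the slides; the 2048-bit minimum, the function name and the finding labels are assumptions.

```shell
#!/bin/sh
# Added example: flag weak settings in `openssl s_client` output.
# SAMPLE is constructed from lines shown in the session on this page.
SAMPLE='verify error:num=18:self signed certificate
verify return:1
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 512 bit
    Protocol : TLSv1
    Cipher : EDH-RSA-DES-CBC3-SHA
    Verify return code: 0 (ok)'

# Assumed policy threshold; not a value taken from the slides.
MIN_RSA_BITS=2048

# audit_s_client: read s_client output on stdin, print one finding per line.
# The finding labels (CERT-VERIFY, WEAK-KEY, ...) are made up for this example.
audit_s_client() {
    awk -v min="$MIN_RSA_BITS" '
        # Check the per-certificate error line, because the session on
        # this page still ends with "Verify return code: 0 (ok)".
        /^verify error:num=/ {
            sub(/^verify error:/, "")
            print "CERT-VERIFY " $0
        }
        # "Server public key is N bit": compare N with the minimum.
        /^Server public key is [0-9]+ bit/ {
            if ($5 + 0 < min) print "WEAK-KEY " $5 " bit"
        }
        # Negotiated protocol from the SSL-Session block.
        /^ *Protocol *:/ {
            p = $NF
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                print "OLD-PROTOCOL " p
        }
        # Negotiated cipher: single DES/3DES, RC4, NULL, export or MD5 suites.
        /^New, .*Cipher is / {
            c = $NF
            if (c ~ /DES|RC4|NULL|EXP|MD5/) print "WEAK-CIPHER " c
        }
    '
}

printf '%s\n' "$SAMPLE" | audit_s_client
```

To audit a saved session, pipe it into the function after sourcing the script, for example `audit_s_client < session.txt`, where `session.txt` is a hypothetical capture file.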


S_client ..

---
GET /
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
 <HEAD>
  <TITLE>Test Page for the Apache Web Server on Red Hat Linux</TITLE>
 </HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
 <BODY BGCOLOR="#FFFFFF">
  <H1 ALIGN="CENTER">Test Page</H1>
  This page is used to test the proper operation of the Apache Web server after it has been installed. If you can read this page, it means that the Apache Web server installed at this site is working properly.
</HTML>
closed
[root@linux conf]#