Openssl 05 2001

OpenSSL is a cryptography toolkit that implements the SSL and TLS network security protocols. The document discusses generating a private key, viewing the key details, and using OpenSSL commands like s_client to test an SSL/TLS connection to a server with a self-signed certificate.
openssl

Onno W. Purbo
[email protected]
Reference
- http://www.openssl.org
- http://www.linuxdoc.org
- http://www.redhat.com
OpenSSL
- OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.
Private Key
make server.key
[root@linux conf]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -des3 -rand 1024 > server.key
0 semi-random bytes loaded
Generating RSA private key, 512 bit long modulus
...++++++++++++
..++++++++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
More server.key
[root@linux conf]# more server.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,317BF4C50E1C590B

X/V5VDJxPg702miehbOCsumLf2QS9vpO2YxI9BLsNrtBkPyN363UEVQ9Hsrpct
mQhDa+/BXuUFqKtZcGJJef2kIhwqe1L5oW0RBRk5XJvOtVWkxobEuRq28f76+j
9+gtNW9O12tTXEg+nGR5KOWd+UEOCtLyCgs2YMfUwloGYzc26lw9n77VI7g0RC
ViiNdZLGWlg2ywFBXGVBHeuo2a8NHXxOTuFdPdBP0UCodknzd+Af761FZPJDg0
HEvFzHUpoEExn00NzBUj0YvkUMtOXi4Q9GNB1V7UUiAJNwUZXjbjRgbUXfSMcZ
ZY9LkHoc4cq5F4w+IN8O4KLkTfzLENdbbFP04R2BJ5ASx4r7GADaeCMaXUYuqU
DjP5gGDIG0lHXSnn31tPBZeVX+AcYEmDU2Zbch5PxPs=
-----END RSA PRIVATE KEY-----
Private Key
[root@linux conf]# openssl rsa -noout -text -in server.key
read RSA key
Enter PEM pass phrase:
Private-Key: (512 bit)
modulus:
00:a3:f6:5c:c5:39:72:54:80:41:94:6a:a0:ae:0c:
7c:eb:d8:ac:f5
publicExponent: 65537 (0x10001)
privateExponent:
10:08:c2:af:c2:db:6c:6a:12:7f:ba:21:b6:83:9e:
fa:e3:74:e1
prime1:
00:d3:a3:99:4f:43:ba:b3:97:a3:bc:58:e3:58:ce:
c6:9a:ad
prime2:
00:c6:54:77:29:cf:8d:8c:6a:f0:76:e5:61:db:c3:
33:ac:69
Testing s_client
S_client
Slide callouts: "Command Line" marks the openssl s_client invocation; "Self-Signed Certificate" marks the verify error:num=18 line.
[root@linux conf]# openssl s_client -host localhost -port 443
CONNECTED(00000003)
depth=0 /C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id
verify return:1
---
Certificate chain
0 s:/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id
i:/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id
S_client ..
Slide callouts: "Who you are.." marks the subject= line; "Issuer / Certificate Authority" marks the issuer= line.
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC9TCCAp+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMCSU
DDAKBgNVBAgTA0RLSTEQMA4GA1UEBxMHSmFrYXJ0YTETMBEGA1UEChMKRnJlZS
Qw4hIPMdJ5eer6qBUaiIl5G9yurxeAOPkSd58OVsmX1KwQIm2kLZtwY=
-----END CERTIFICATE-----
subject=/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id
issuer=/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id
S_client ..
Slide callout: "Master Key" marks the Master-Key line.
---
No client certificate CA names sent
---
SSL handshake has read 1221 bytes and written 314 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 512 bit
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID:
Session-ID-ctx:
Master-Key: F597E6EEDB4B6C6FADFC7AEDDC0E66F4740E7EB8486F03
Key-Arg : None
Start Time: 988936497
Timeout : 300 (sec)
Verify return code: 0 (ok)
S_client ..
---
GET /
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Test Page for the Apache Web Server on Red Hat
Linux</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red
(active) --> <BODY BGCOLOR="#FFFFFF">
<H1 ALIGN="CENTER">Test Page</H1>
This page is used to test the proper operation of the Apache Web
server after it has been installed. If you can read this page,
it means that the Apache Web server installed at this site is
working properly.
</HTML>
closed
[root@linux conf]#
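
A check a defender could run over the s_client session shown above, as an added example that is not part of the original slides: it flags the self-signed chain, the 512-bit server key, TLSv1 and the 3DES cipher. The 2048-bit floor, the function names and the embedded transcript (constructed from the fields on this page) are assumptions.

```shell
#!/bin/sh
# Added example: triage a saved `openssl s_client` transcript.
MIN_RSA_BITS=2048   # assumed policy floor, not a value from the page

# Constructed sample, abridged to the fields this page's session shows.
sample_transcript() {
cat <<'EOF'
CONNECTED(00000003)
depth=0 /C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org
verify error:num=18:self signed certificate
verify return:1
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 512 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Verify return code: 0 (ok)
EOF
}

# audit_s_client: transcript on stdin, one finding per line on stdout.
# The session on this page ends with "Verify return code: 0 (ok)" even
# though num=18 was reported, so the per-certificate error lines are
# what gets checked, not the final code.
audit_s_client() {
  awk -v min="$MIN_RSA_BITS" '
    /^verify error:num=/ {
      split($0, f, ":"); sub(/^num=/, "", f[2])
      print "CHAIN num=" f[2] " (" f[3] ")"
    }
    /^Server public key is [0-9]+ bit/ {
      if ($5 + 0 < min + 0) print "KEYSIZE " $5 " < " min
    }
    /^ *Protocol *:/ {
      if ($NF ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
        print "PROTOCOL " $NF " is deprecated"
    }
    /^ *Cipher *:/ {
      if ($NF ~ /DES|RC4|NULL|EXP|MD5/) print "CIPHER " $NF " is weak"
    }
  '
}

# count_findings: number of findings for a transcript on stdin.
count_findings() { audit_s_client | wc -l | tr -d ' '; }

sample_transcript | audit_s_client
```

In the `make server.key` transcript, `-rand 1024` hands `1024` to `-rand` as a seed-file name rather than to `genrsa` as the key size, which matches the `0 semi-random bytes loaded` line and the 512-bit modulus that this check reports.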
