Skip to main content

Macam2 cerita pasal OPENSSL

USEFUL OPENSSL ONE-LINERS
As a follow up for the certificate authority posting, here are some (hopefully) useful openssl one-liners:

# creating a key
openssl genrsa -aes256 -out user.key 4096

# creating a certificate signing request
openssl req -sha256 -new -key user.key -out user.csr
# signing the certificate signing request with a certificate authority
openssl ca -config ca.config -out user.crt -infiles user.csr
# creating a self sigend certificate
openssl req -sha256 -new -x509 -key user.key -out user.crt
# verify if the ca.crt has really signed user.crt
openssl verify -CAfile ca.crt user.crt
# decrypting the key
openssl rsa -in user.key -out user.key.decrypted
# creating a pkcs#7 format certificate in DER format
openssl crl2pkcs7 -nocrl -certfile user.crt -certfile ca.crt -outform DER -out user.p7c
# creating a pkcs#12 format certificate (IIS)
openssl pkcs12 -export -in user.crt -inkey user.key -out server.pkcs12

# checking the data of a key
openssl rsa -noout -text -in user.key
# checking the data of the certificate request
openssl req -text -noout -in user.csr
# checking the data of a certificate
openssl x509 -noout -text -in user.crt
# checking the data of a pcks#7 certificate
openssl pkcs7 -inform DER -text -print_certs -in user.p7c
# checking the data of a pkcs#12 certificate
openssl pkcs12 -noout -info -in user.pkcs12

# showing the MD5 fingerprint of a certificate
openssl x509 -noout -fingerprint -in user.crt
# showing the SHA1 fingerprint of a certificate
openssl x509 -noout -fingerprint -sha1 -in user.crt
# converting a key from PEM to DER format
openssl rsa -inform PEM -outform DER -in user.key.decrypted -out user.der
# converting a certificate from PEM to DER format
openssl x509 -inform PEM -outform DER -in user.crt -out user.der
# check, if the certificate installation was successful
openssl s_client -connect FQDN:443 -CAfile /usr/local/lib/openssl/certs/ca-bundle.crt | openssl x509 -text | less

# provide an ssl server to test against
openssl s_server -accept 9000 -cert user.crt -key user.key
# verify a s/mime signature
openssl smime -CAfile /usr/local/lib/openssl/certs/ca-bundle.crt -verify -in messagefile >/dev/null

# extract the s/mime Certificate to something usable :-)
openssl smime -pk7out -in messagefile | openssl pkcs7 -print_certs

# show subject, startdate, enddate (validy-time / expire-date)
openssl x509 -noout -subject -startdate -enddate -in user.crt

Credit to: https://hexeract.wordpress.com/2009/04/17/useful-openssl-one-liners/
Labels:

Comments

Post a Comment

Popular posts from this blog

MYSQL TO MSSQL

Aduss berpeluh2 hampir 3 minggu cari solution utk convert db mysql to mssql. mula2 aku pakai phpmyadmin untuk generate sqldump. then aku terai import masuk ke mssql gunakan new query. rupa2nya phpmyadmin ni pon bengong. dia tak create ikut mssql punya format syntac, dia generate ikut kepala dia saja walaupun aku dah klik checkbox pada OPTION MSSQL format. patut le mssql tak mau terima, even barus yg paling mudah skali iaitu komen pon phpmyadmin tak tukar!!! ade ke format komen mssql si phpmyadmin masih pakai "--" (dash dash). mssql pakai syntax "/*" utk buka blok komen dan "*/" utk tutup blok komen. adusss.  banyak plak tu dalam sqldump aku nak kena tukar.. lemau aku. 160MB punya textfile. gilo apo nak ubah satu persatu baris.. berjuta baris woo.. 8 tahun pon tak siap nak ubah. tapi ada satu software boleh buat semua tu secara auto. SQL2MSS. aku cuma pakai demo set je. dia boleh sedut semua structure, tapi rekod cuma dapat 5 per table. jadi la 5 re...
1 comment
Read more

Microsoft Virtual PC: XP Mode, RPC is unavailable

hi, korang penah kene ke error diatas? bila bukak ms virtual pc. tetiba je masa nak start je XP Mode, :RPC is unavailable". pehh pening pala aku nak solve. lama2 boleh tumbuh uban woo. aku cuba buat macam ni je. 1. korang bukak ms virtual pc. 2. utk vpc yang sedia ada tu.. korang delete file dalam list tu. tapi pastikan fail tu hanya fail *.vmc atau *.vmcx je. kalau korang delete fail *.vhd, lingkup semua nanti.. hahahahaha hati2 aa 3. create semula dengan cara create baru ms vpc tu atau copy & paste dari yg lama. 4. kalau copy paste yg lama, may be tak jalan bila start, so modify sket path file *.vhd dalam setting tu. 5. cuba start. kalau ada pa pe, cuba rujuk link dibawah. may be berkesan jugak. until then, cherrio. sumber: http://social.technet.microsoft.com/Forums/en-US/w7itprovirt/thread/4765d915-cbe4-4629-aa3b-cba9efbb29b5/
1 comment
Read more

DotNetNuke 'WebForm_PostBackOptions' is undefined error, ASP.NET 2.0

Salam, pening kepala aku dok pikir apsal DNN ni kluar error bila aku cuba upgrade dari v6.2.0 kepada v6.2.3. satu hari ari ni dok try, tak boleh2.. sampai aku delete semua file installation semula. dah tu kena pasang balik semua (install new package). letih download, line selow. last skali aku baca info, dia kata suh ubah jam server kepada now! aku pon check la time kat server aku.. tarikh pon salah!! ade ke tunjuk tahun 2004?? ni mesti kes server blackout selalu ni. bila tukar tarikh hari ni.. tup tup semua installation jalan plak. wah.. suke suke... pe lagi.. check le tarikh server korang.. tah tah sama je ngan aku! hahahaha ok.. jumpe lagi DNN user. chow! rujukan: http://geekswithblogs.net/ranganh/archive/2009/01/07/webform_postbackoptions-is-undefined-error-asp.net-2.0.aspx
Post a Comment
Read more