1 / 17

openssl

openssl. Onno W. Purbo onno@indo.net.id. Reference. http://www.openssl.org http://www.linuxdoc.org http://www.redhat.com. OpenSSL.

rogan-reid
Download Presentation

openssl

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. openssl Onno W. Purbo onno@indo.net.id

  2. Reference • http://www.openssl.org • http://www.linuxdoc.org • http://www.redhat.com

  3. OpenSSL • OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.

  4. Private Key

  5. make server.key [root@linux conf]# make server.key umask 77 ; \ /usr/bin/openssl genrsa -des3 -rand 1024 > server.key 0 semi-random bytes loaded Generating RSA private key, 512 bit long modulus ...++++++++++++ ..++++++++++++ e is 65537 (0x10001) Enter PEM pass phrase: Verifying password - Enter PEM pass phrase:

  6. More server.key [root@linux conf]# more server.key -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,317BF4C50E1C590B X/V5VDJxPg702miehbOCsumLf2QS9vpO2YxI9BLsNrtBkPyN363UEVQ9Hsrpct mQhDa+/BXuUFqKtZcGJJef2kIhwqe1L5oW0RBRk5XJvOtVWkxobEuRq28f76+j 9+gtNW9O12tTXEg+nGR5KOWd+UEOCtLyCgs2YMfUwloGYzc26lw9n77VI7g0RC ViiNdZLGWlg2ywFBXGVBHeuo2a8NHXxOTuFdPdBP0UCodknzd+Af761FZPJDg0 HEvFzHUpoEExn00NzBUj0YvkUMtOXi4Q9GNB1V7UUiAJNwUZXjbjRgbUXfSMcZ ZY9LkHoc4cq5F4w+IN8O4KLkTfzLENdbbFP04R2BJ5ASx4r7GADaeCMaXUYuqU DjP5gGDIG0lHXSnn31tPBZeVX+AcYEmDU2Zbch5PxPs= -----END RSA PRIVATE KEY-----

  7. Private Key [root@linux conf]# openssl rsa -noout -text -in server.key read RSA key Enter PEM pass phrase: Private-Key: (512 bit) modulus: 00:a3:f6:5c:c5:39:72:54:80:41:94:6a:a0:ae:0c: 7c:eb:d8:ac:f5 publicExponent: 65537 (0x10001) privateExponent: 10:08:c2:af:c2:db:6c:6a:12:7f:ba:21:b6:83:9e: fa:e3:74:e1 prime1: 00:d3:a3:99:4f:43:ba:b3:97:a3:bc:58:e3:58:ce: c6:9a:ad prime2: 00:c6:54:77:29:cf:8d:8c:6a:f0:76:e5:61:db:c3: 33:ac:69

  8. Testing s_client

  9. S_client [root@linux conf]# openssl s_client -host localhost -port 443 CONNECTED(00000003) depth=0 /C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno @indo.net.id verify error:num=18:self signed certificate verify return:1 depth=0 /C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno @indo.net.id verify return:1 --- Certificate chain 0 s:/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id i:/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id

  10. S_client Command Line [root@linux conf]# openssl s_client -host localhost -port 443 CONNECTED(00000003) depth=0 /C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno @indo.net.id verify error:num=18:self signed certificate verify return:1 depth=0 /C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno @indo.net.id verify return:1 --- Certificate chain 0 s:/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id i:/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id

  11. S_client [root@linux conf]# openssl s_client -host localhost -port 443 CONNECTED(00000003) depth=0 /C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno @indo.net.id verify error:num=18:self signed certificate verify return:1 depth=0 /C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno @indo.net.id verify return:1 --- Certificate chain 0 s:/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id i:/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id Self Sign Cerificate

  12. S_client .. --- Server certificate -----BEGIN CERTIFICATE----- MIIC9TCCAp+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMCSU DDAKBgNVBAgTA0RLSTEQMA4GA1UEBxMHSmFrYXJ0YTETMBEGA1UEChMKRnJlZS Qw4hIPMdJ5eer6qBUaiIl5G9yurxeAOPkSd58OVsmX1KwQIm2kLZtwY= -----END CERTIFICATE----- subject=/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id issuer=/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id

  13. S_client .. --- Server certificate -----BEGIN CERTIFICATE----- MIIC9TCCAp+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMCSU DDAKBgNVBAgTA0RLSTEQMA4GA1UEBxMHSmFrYXJ0YTETMBEGA1UEChMKRnJlZS Qw4hIPMdJ5eer6qBUaiIl5G9yurxeAOPkSd58OVsmX1KwQIm2kLZtwY= -----END CERTIFICATE----- subject=/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id issuer=/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id Siapa Anda..

  14. S_client .. --- Server certificate -----BEGIN CERTIFICATE----- MIIC9TCCAp+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMCSU DDAKBgNVBAgTA0RLSTEQMA4GA1UEBxMHSmFrYXJ0YTETMBEGA1UEChMKRnJlZS Qw4hIPMdJ5eer6qBUaiIl5G9yurxeAOPkSd58OVsmX1KwQIm2kLZtwY= -----END CERTIFICATE----- subject=/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id issuer=/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id Issuer / Cerificate Authority

  15. S_client .. --- No client certificate CA names sent --- SSL handshake has read 1221 bytes and written 314 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 512 bit SSL-Session: Protocol : TLSv1 Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: Session-ID-ctx: Master-Key: F597E6EEDB4B6C6FADFC7AEDDC0E66F4740E7EB8486F03 Key-Arg : None Start Time: 988936497 Timeout : 300 (sec) Verify return code: 0 (ok)

  16. S_client .. --- No client certificate CA names sent --- SSL handshake has read 1221 bytes and written 314 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 512 bit SSL-Session: Protocol : TLSv1 Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: Session-ID-ctx: Master-Key: F597E6EEDB4B6C6FADFC7AEDDC0E66F4740E7EB8486F03 Key-Arg : None Start Time: 988936497 Timeout : 300 (sec) Verify return code: 0 (ok) Master Key

  17. S_client .. --- GET / <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <HTML> <HEAD> <TITLE>Test Page for the Apache Web Server on Red Hat Linux</TITLE> </HEAD> <!-- Background white, links blue (unvisited), navy (visited), red (active) --> <BODY BGCOLOR="#FFFFFF"> <H1 ALIGN="CENTER">Test Page</H1> This page is used to test the proper operation of the Apache Web server after it has been installed. If you can read this page, it means that the Apache Web server installed at this site is working properly. </HTML> closed [root@linux conf]#

More Related