From charlesreid1

Revision as of 15:24, 27 August 2016

Configure

New Instructions: From Homebrew

$ brew install openssl

Old Instructions: From Source

Configure 32 bit:

./Configure --prefix=${HOME}/pkg/openssl/1.0.0_32

Configure 64 bit:

./Configure darwin64-x86_64-cc --prefix=${HOME}/pkg/openssl/1.0.0_64

or just run ./Configure and follow the instructions.

Installing New Certificates

To install new certificates, put them in /usr/local/opt/openssl/certs

Once you do that, run /usr/local/opt/openssl/bin/c_rehash

This can be useful for a couple of different things:

There are multiple other uses (beyond the scope of this page). See the Certificates page.

Receiving Server Certificates

If you want to receive a server certificate, you can call OpenSSL like this:

$ openssl s_client -connect bettercrypto.org:443

This opens a connection to the server and prints the certificate chain and session details from the handshake. It does not send anything over that connection.

$ openssl s_client -connect bettercrypto.org:443
CONNECTED(00000003)
depth=1 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=AT/CN=www.bettercrypto.org/emailAddress=aaron@lo-res.org
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=AT/CN=www.bettercrypto.org/emailAddress=aaron@lo-res.org
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
No client certificate CA names sent
---
SSL handshake has read 5186 bytes and written 712 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES128-SHA
    Session-ID: D52006EF0762A74D4E05770F5309CD5C00FDB7A53CC35F3322845D1275B8874B
    Session-ID-ctx:
    Master-Key: 2A03332AE4CA944C52E994F6FBB99B515FCF34E2B19399BC6197FD2B028A4155C9BE7F59D17C27C680CC9AE6988324B3
    Key-Arg   : None
    Start Time: 1472311402
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
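
The output above reports `verify error:num=20` near the top, yet the handshake still completes and a session is printed. The following is an added example, not part of the original page: shell helpers that pull the PEM block out of s_client output and report verification problems. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: helpers for reading `openssl s_client` output.

# Constructed sample, modelled on the s_client output on this page.
# The base64 body is a placeholder, not a real certificate.
SAMPLE='CONNECTED(00000003)
depth=1 /C=XX/O=Example CA/CN=Example Intermediate CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Server certificate
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
subject=/C=XX/CN=www.example.org
---
    Verify return code: 0 (ok)
---'

# Print only the PEM certificate block(s) found in s_client output on stdin.
pem_blocks() {
    sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p'
}

# Print "OK" only when there is no "verify error" line and the final
# return code is 0; otherwise print "FAIL <reason>". A missing return
# code line is treated as a failure.
verify_status() {
    awk '
        /^verify error:/ {
            sub(/^verify error:/, "")
            if (errs != "") errs = errs "; "
            errs = errs $0
        }
        /Verify return code:/ { sub(/^.*Verify return code: */, ""); rc = $0 }
        END {
            if (errs != "")       print "FAIL " errs
            else if (rc !~ /^0 /) print "FAIL return code " rc
            else                  print "OK"
        }'
}

# Fetch a live server certificate (hypothetical helper). Redirecting stdin
# from /dev/null makes s_client exit after the handshake instead of waiting.
fetch_server_cert() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null | pem_blocks
}

printf '%s\n' "$SAMPLE" | verify_status
```

Before placing a certificate fetched this way in the certs directory, inspect its subject, validity dates and fingerprint with `openssl x509 -noout -subject -dates -fingerprint` and compare the fingerprint against a value obtained over a separate channel.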

References

http://www.openssl.org/source/