ssl

OpenSSL – client connect

Memo for testing ssl/startls connection:

StarTLS:

[leo@thinkleo2 ~]$ openssl s_client -connect mail.wide-net.org:25 -starttls smtp
CONNECTED(00000003)

[...]

Verify return code: 0 (ok)
---
220 srv01.mil1.wide-net.org ESMTP - Life is short talk fast!

SSL:

[leo@thinkleo2 ~]$ openssl s_client -connect mail.wide-net.org:465

CONNECTED(00000003)

[...]

Verify return code: 0 (ok)
---
220 srv01.mil1.wide-net.org ESMTP - Life is short talk fast!

Manipolazione certificati ssl P12

Memo su come estrarre i certificati compressi in P12

Comando per estrarre la chiave:

# openssl pkcs12 -nocerts -in cert.p12 -out key.pem

Comando per estrarre il certificato:

# openssl pkcs12 -nokeys -in cert.p12 -out cert.pem

Comando per decriptare la chiave, questo serve per evitare di reinserire tutte le volte che si usa la chiave, la password rsa:

# openssl rsa -in key.pem -out decryptkey.pem