howtos:test_a_certificate_chain
Differences
— | howtos:test_a_certificate_chain [02/12/2018 21:34] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | With OpenSSL you start a server instance: | ||
+ | < | ||
+ | openssl s_server -accept 9000 -cert cert.pem -key cert.key -CAfile ca.pem | ||
+ | Enter pass phrase for cert.key: | ||
+ | </ | ||
+ | |||
+ | ^ Parameter | ||
+ | | s_server | ||
+ | | -accept 9000 | Make the server listen on port 9000 | | ||
+ | | -cert cert.pem | ||
+ | | -key cert.key | Use the private key in the file cert.key | ||
+ | | -CAfile ca.pem | Use the CA chain file ca.pem | | ||
+ | |||
+ | What this command does is start a SSL server instance where it sends the certificate (cert.pem) and to make the certificate verifiable the CA chain (ca.pem) is appended. | ||
+ | |||
+ | This process will show if the chain corresponds to the certificate. | ||
+ | |||
+ | To test run this: | ||
+ | |||
+ | < | ||
+ | openssl s_client -connect localhost: | ||
+ | CONNECTED(00000003) | ||
+ | depth=2 / | ||
+ | verify error: | ||
+ | verify return:0 | ||
+ | --- | ||
+ | Certificate chain | ||
+ | 0 s:/ | ||
+ | | ||
+ | 1 s:/ | ||
+ | | ||
+ | 2 s:/ | ||
+ | | ||
+ | --- | ||
+ | Server certificate | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | MIIDuzCCAqOgAwIBAgIQGpdMvqOpRl0RRpfwudI5jTANBgkqhkiG9w0BAQUFADCB | ||
+ | qDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDFRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf | ||
+ | Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEwMC4GA1UECxMnRm9yIFRl | ||
+ | c3QgUHVycG9zZXMgT25seS4gIE5vIGFzc3VyYW5jZXMuMSYwJAYDVQQDEx1UaGF3 | ||
+ | dGUgVHJpYWwgU2VjdXJlIFNlcnZlciBDQTAeFw0xMDA5MDIwMDAwMDBaFw0xMDA5 | ||
+ | MjMyMzU5NTlaMIGfMQswCQYDVQQGEwJESzETMBEGA1UECBMKQ29wZW5oYWdlbjET | ||
+ | MBEGA1UEBxQKQ29wZW5oYWdlbjEPMA0GA1UEChQGTWVkY29tMQswCQYDVQQLFAJJ | ||
+ | VDEwMC4GA1UECxQnRm9yIFRlc3QgUHVycG9zZXMgT25seS4gIE5vIGFzc3VyYW5j | ||
+ | ZXMuMRYwFAYDVQQDFA1ocy5rbXMubWVkY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN | ||
+ | ADCBiQKBgQDs0GceZbIumDfPLVhW9sDcRk6T5UwHAjor3r9HyTZLIF+Py8aF1Qcq | ||
+ | w/ | ||
+ | 13fC57cpeRhn5mBSxiRqbcpTtFgnxFdJzrn1fHc0RZySMAiupkWxQwIDAQABo2ww | ||
+ | ajAMBgNVHRMBAf8EAjAAMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwudGhh | ||
+ | d3RlLmNvbS9UaGF3dGVUcmlhbFNTTENBLmNybDAdBgNVHSUEFjAUBggrBgEFBQcD | ||
+ | AQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggEBADHBJLNwiS5kPY6RA/ | ||
+ | Tho5QH/ | ||
+ | 6xawfuS8oMVEjH4MS/ | ||
+ | 7TLXDKrV4/ | ||
+ | JjNAks6UD0E9rGY/ | ||
+ | jlYa5t0ep8/ | ||
+ | -----END CERTIFICATE----- | ||
+ | subject=/ | ||
+ | issuer=/ | ||
+ | --- | ||
+ | No client certificate CA names sent | ||
+ | --- | ||
+ | SSL handshake has read 3642 bytes and written 255 bytes | ||
+ | --- | ||
+ | New, TLSv1/ | ||
+ | Server public key is 1024 bit | ||
+ | Secure Renegotiation IS supported | ||
+ | Compression: | ||
+ | Expansion: NONE | ||
+ | SSL-Session: | ||
+ | Protocol | ||
+ | Cipher | ||
+ | Session-ID: 0A2080D06C5FDCE6FDC51A25A6943D5EFC547F670350A6FE4AE9664CF0535EF7 | ||
+ | Session-ID-ctx: | ||
+ | Master-Key: 936154921AA8759400E1BE3B63B702B68954F13C4875777EAEF402C513AEAC932243B8B6138850F3AC10F342D95F998C | ||
+ | Key-Arg | ||
+ | Start Time: 1283518640 | ||
+ | Timeout | ||
+ | Verify return code: 19 (self signed certificate in certificate chain) | ||
+ | --- | ||
+ | |||
+ | |||
+ | </ |
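Review bot: The sample s_client output ends with "Verify return code: 19 (self signed certificate in certificate chain)" and shows a "verify error:" at depth=2, but the page never says how to read that result; it only states "This process will show if the chain corresponds to the certificate". Code 19 means the chain was assembled up to a self-signed root that the client does not have in its own trust store, so it reports on the client's trust configuration rather than on whether cert.pem and ca.pem belong together. Suggest adding a sentence after the output that tells the reader to check the "Certificate chain" section (each certificate's issuer should be the subject of the next entry, depth 0 to depth 2) and to give s_client the same ca.pem with -CAfile if they expect a return code of 0 (ok). Separately, the pasted SSL-Session block includes the Session-ID and Master-Key lines; those add nothing to the chain test and could be trimmed from the example output.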
howtos/test_a_certificate_chain.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1