пакет_openssl [2024/05/02 13:58] val [Настройка атрибутов базы CA в конфигурации ssl] |
пакет_openssl [2024/05/08 16:20] (current) val [Создание параметра DH] |
||
---|---|---|---|
Line 16: | Line 16: | ||
<code> | <code> | ||
$ openssl s_client -connect ru.wikipedia.org:443 | $ openssl s_client -connect ru.wikipedia.org:443 | ||
- | |||
- | $ openssl s_client -CApath /etc/ssl/certs/ -showcerts -connect student.bmstu.ru:443 | ||
$ openssl s_client -showcerts -connect webinar6.bmstu.ru:443 2>/dev/null | openssl x509 -noout -dates #-text | grep bmstu | $ openssl s_client -showcerts -connect webinar6.bmstu.ru:443 2>/dev/null | openssl x509 -noout -dates #-text | grep bmstu | ||
Line 23: | Line 21: | ||
$ faketime -f "+500d" wget -q -O /dev/null https://webinar7.bmstu.ru && echo Ok || echo Err | $ faketime -f "+500d" wget -q -O /dev/null https://webinar7.bmstu.ru && echo Ok || echo Err | ||
- | $ openssl s_client -CApath /etc/ssl/certs/ -starttls smtp -crlf -connect mailhub.bmstu.ru:25 | + | $ openssl s_client -starttls smtp -crlf -connect mailhub.bmstu.ru:25 |
- | $ openssl s_client -cert user1.crt -key user1.key -connect www.corpX.un:443 | + | lan# openssl s_client -cert user1.crt -key user1.key -connect www.corpX.un:443 |
</code><code> | </code><code> | ||
GET /cgi-bin/test-cgi HTTP/1.1 | GET /cgi-bin/test-cgi HTTP/1.1 | ||
Host: www.corpX.un | Host: www.corpX.un | ||
</code><code> | </code><code> | ||
- | $ openssl s_client -cert user1.crt -key user1.key -connect server.corpX.un:993 | + | lan# openssl s_client -cert user1.crt -key user1.key -connect server.corpX.un:993 |
</code><code> | </code><code> | ||
01 AUTHENTICATE EXTERNAL = | 01 AUTHENTICATE EXTERNAL = | ||
Line 83: | Line 81: | ||
<code> | <code> | ||
# time openssl dhparam -out /etc/openvpn/dh2048.pem 2048 | # time openssl dhparam -out /etc/openvpn/dh2048.pem 2048 | ||
- | real 0m24.676s | + | ... |
+ | real 2m6.588s | ||
+ | ... | ||
</code> | </code> | ||
Line 139: | Line 139: | ||
==== Debian ==== | ==== Debian ==== | ||
<code> | <code> | ||
+ | # wget http://lan.corpX.un/ca.crt | ||
+ | |||
+ | # cp ca.crt /usr/local/share/ca-certificates/ | ||
+ | |||
server# cp corpX-PDC-CA.crt /usr/local/share/ca-certificates/ | server# cp corpX-PDC-CA.crt /usr/local/share/ca-certificates/ | ||
Line 383: | Line 387: | ||
Email Address [noc@corpX.un]:user1@corpX.un | Email Address [noc@corpX.un]:user1@corpX.un | ||
... | ... | ||
+ | </code> | ||
+ | ИЛИ | ||
+ | <code> | ||
+ | $ openssl req -new -key user1.key -out user1.req -subj '/C=RU/ST=Moscow region/L=Moscow/O=cko/OU=group1/CN=user1/emailAddress=user1@corpX.un/' | ||
</code> | </code> | ||
Line 400: | Line 408: | ||
<code> | <code> | ||
$ openssl pkcs12 -export -in user1.crt -inkey user1.key -out user1.p12 -passout pass:ppassword1 | $ openssl pkcs12 -export -in user1.crt -inkey user1.key -out user1.p12 -passout pass:ppassword1 | ||
+ | openssl3# openssl pkcs12 -legacy -export -in user1.crt -inkey user1.key -out user1.p12 -passout pass:ppassword1 | ||
$ openssl pkcs12 -info -in user1.p12 | $ openssl pkcs12 -info -in user1.p12 | ||
Line 413: | Line 422: | ||
lan# openssl ca -gencrl -out /var/www/html/ca.crl | lan# openssl ca -gencrl -out /var/www/html/ca.crl | ||
+ | |||
+ | lan# openssl crl -text -noout -in /var/www/html/ca.crl | less | ||
+ | ... | ||
+ | Serial Number: 0M | ||
+ | ... | ||
+ | Serial Number: 0N | ||
+ | ... | ||
</code> | </code> |
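Review bot: In the Debian hunk (Line 139) the added `# wget http://lan.corpX.un/ca.crt` fetches the root CA certificate over plain HTTP, and the next added line copies it into `/usr/local/share/ca-certificates/` with no check in between, so whatever arrives on the wire becomes a system trust anchor. The certificate itself is public, but nothing protects its integrity in transit. I would add one step between the two commands, `# openssl x509 -noout -fingerprint -sha256 -in ca.crt`, with a comment telling the reader to compare the output with the fingerprint read on the CA host itself (`lan`) or obtained through a separate channel. The `<code>` block continues past the visible lines of the hunk, so the step that activates the trust store is not shown here and the check should come before it.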