====== La commande "openssl" ======
La page de [[man de openssl]].
===== Exemples =====
==== Avoir des informations sur un certificat local ====
$ openssl x509 -in test.crt -noout -text
==== Récupérer des informations sur un certificat distant ====
Dates de validité :
$ openssl s_client -showcerts -connect mon.site.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Aug 29 07:23:13 2018 GMT
notAfter=Nov 27 07:23:13 2018 GMT
Source : [[https://www.shellhacks.com/openssl-check-ssl-certificate-expiration-date/|shellhacks.com]]
==== Voir comment se déroule la connexion avec TLS ====
$ openssl s_client -host simonlefort.be -port 443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = simonlefort.be
verify return:1
---
Certificate chain
0 s:CN = simonlefort.be
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAzDI7dzcDJFFhGCPhSuEOugeMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTAxMDQwNTI1MTlaFw0yMTA0MDQwNTI1MTlaMBkxFzAVBgNVBAMT
DnNpbW9ubGVmb3J0LmJlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA
nKI1QA0/4qzHR183CzsjyLEumxY0Esn0mcvRNT1Xl979WTg+lDlNYSViELwTrBtO
Vm0jaQ4Ocq88z4MN7SkD1OC2Mj+0Mq08lb8OOoc21TPcuJqmoBeL5CoLx2WXVp29
EuGbfAb2LzpbX7YkfLvB9dvrcDfRHa9lb7alowTznkcZV+U3a+5DWnm7By4bZF6k
LNqcOkzYLm/gPMXXEjNe5v3mtaahSpzvYnjBNi4k6rBoeZYXs69v+0bKHfRpCHH8
570whnIFYTl4+ZR+oFscRoYFT/E9vqijr/yVNkNfTrGaz5vir9lUKom0x3H/m2QF
EIC+5nwu2ESdaluarguGXqh+xQ6busA42iz6MEwgvUsnzKy/pnFeJwk1Aviylc0z
upoJloOiek4fbKt28GTESpeJEr/LiJvHu9/E4uJTT/AUiFTT1/y5fJw9izJpMQ7j
9zmreE0YAmaBYPhREqvr8w6eEpYMz+lcAeC3CVVANmwdix7V6s0gKfZidoygL0oz
AgMBAAGjggJlMIICYTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOda0wvElD0lSrkC
f66SXksSRpPfMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsG
AQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIG
CCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMDUGA1UdEQQuMCyCDnNp
bW9ubGVmb3J0LmJlghp4bXBwLXVwbG9hZC5zaW1vbmxlZm9ydC5iZTBMBgNVHSAE
RTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRw
Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2
AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABdswSSckAAAQDAEcw
RQIgZDNVmJHan67Uur8fQVmrBc894eCfbLUmDYLNPPwSwi8CIQD6CmEM7VxI6NWE
VzfpvBYtctjsXdlfkK+g82Gl5uflTgB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/
LmqXaJl+IvDXAAABdswSSkAAAAQDAEcwRQIgPiIyUFiM262NU9CRrcYfAsOnUcqU
20a+0lZXJkJfSDkCIQCivz4LEw7AsajkfMBXocz4i+jKnCAS83RAVoxisgIn+zAN
BgkqhkiG9w0BAQsFAAOCAQEAsc2tPKa6RYRu2zsMT6ICAZ5PLhsPl99hI2PsCemh
Ln2PWv20SYoBFdPgaDf/MuGFrUU/1+wV68E7i2Gw1csEOX5pJa4DYZC7DK5rtum0
GRFglo8NByqEQnzFnGSyKNevY2a2aL0/m08DEmo/c0mrJ7PwCH7IcIRVn28dcp8G
QaDbrNbPeR2r6Qn7bRRhk7lC7a+KIvZITjACbBMkH5/840Zkc6zcLEwVY95YhmgA
Zw3DKVeRFPpC8tRu3c4Xi47arwS+QDuF8crY8Dc0bMtTAO/YdKy30/wRoEaLkJqw
inasdDS2/cmsevlaTT2sXK8HeQ1tz/Lx40+M8o2wPIfJxQ==
-----END CERTIFICATE-----
subject=CN = simonlefort.be
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3296 bytes and written 386 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 3072 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 6C0646071A6A536465B257579609473FE00430C0425CBA434FD44D36CEE9FCEF
Session-ID-ctx:
Resumption PSK: 49F1325FF5ED2A54D454C5D2C93FEB35E958759FAC108749B67DDD7A2FBF6FA2AB24B68778DE21042278B2BEC7E23B2B
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - ab ea f5 35 44 19 8c 84-07 45 b7 a3 a5 77 73 d6 ...5D....E...ws.
0010 - b0 8f 35 19 61 a9 69 74-d3 c7 bd 7f f6 38 71 35 ..5.a.it.....8q5
Start Time: 1610395479
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: B6643D912A0337A9271A67D8FFAD266B542E70F9BF5C55062788A24EFA90DE91
Session-ID-ctx:
Resumption PSK: A371D300FBA506F34315ECCCA1C9CF34E0CDCD352A997E3E6689B651722467D9ED66D7DB8160D5C1345860783DD1C927
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - 86 ee 0a c4 eb 33 10 f6-58 15 53 be d3 25 df ec .....3..X.S..%..
0010 - 3d 96 4e bd 0c 13 8a 90-4f 05 99 91 91 af 74 d1 =.N.....O.....t.
Start Time: 1610395479
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK