Outils pour utilisateurs

Outils du site


informatique:openssl

La commande "openssl"

La page de man de openssl.

Exemples

Avoir des informations sur un certificat local

$ openssl x509 -in test.crt -noout -text

Récupérer des informations sur un certificat distant

Dates de validité :

$ openssl s_client -showcerts -connect mon.site.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Aug 29 07:23:13 2018 GMT
notAfter=Nov 27 07:23:13 2018 GMT

Source : shellhacks.com

Voir comment se déroule la connexion avec TLS

$ openssl s_client -host simonlefort.be -port 443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = simonlefort.be
verify return:1
---
Certificate chain
 0 s:CN = simonlefort.be
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAzDI7dzcDJFFhGCPhSuEOugeMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTAxMDQwNTI1MTlaFw0yMTA0MDQwNTI1MTlaMBkxFzAVBgNVBAMT
DnNpbW9ubGVmb3J0LmJlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA
nKI1QA0/4qzHR183CzsjyLEumxY0Esn0mcvRNT1Xl979WTg+lDlNYSViELwTrBtO
Vm0jaQ4Ocq88z4MN7SkD1OC2Mj+0Mq08lb8OOoc21TPcuJqmoBeL5CoLx2WXVp29
EuGbfAb2LzpbX7YkfLvB9dvrcDfRHa9lb7alowTznkcZV+U3a+5DWnm7By4bZF6k
LNqcOkzYLm/gPMXXEjNe5v3mtaahSpzvYnjBNi4k6rBoeZYXs69v+0bKHfRpCHH8
570whnIFYTl4+ZR+oFscRoYFT/E9vqijr/yVNkNfTrGaz5vir9lUKom0x3H/m2QF
EIC+5nwu2ESdaluarguGXqh+xQ6busA42iz6MEwgvUsnzKy/pnFeJwk1Aviylc0z
upoJloOiek4fbKt28GTESpeJEr/LiJvHu9/E4uJTT/AUiFTT1/y5fJw9izJpMQ7j
9zmreE0YAmaBYPhREqvr8w6eEpYMz+lcAeC3CVVANmwdix7V6s0gKfZidoygL0oz
AgMBAAGjggJlMIICYTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOda0wvElD0lSrkC
f66SXksSRpPfMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsG
AQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIG
CCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMDUGA1UdEQQuMCyCDnNp
bW9ubGVmb3J0LmJlghp4bXBwLXVwbG9hZC5zaW1vbmxlZm9ydC5iZTBMBgNVHSAE
RTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRw
Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2
AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABdswSSckAAAQDAEcw
RQIgZDNVmJHan67Uur8fQVmrBc894eCfbLUmDYLNPPwSwi8CIQD6CmEM7VxI6NWE
VzfpvBYtctjsXdlfkK+g82Gl5uflTgB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/
LmqXaJl+IvDXAAABdswSSkAAAAQDAEcwRQIgPiIyUFiM262NU9CRrcYfAsOnUcqU
20a+0lZXJkJfSDkCIQCivz4LEw7AsajkfMBXocz4i+jKnCAS83RAVoxisgIn+zAN
BgkqhkiG9w0BAQsFAAOCAQEAsc2tPKa6RYRu2zsMT6ICAZ5PLhsPl99hI2PsCemh
Ln2PWv20SYoBFdPgaDf/MuGFrUU/1+wV68E7i2Gw1csEOX5pJa4DYZC7DK5rtum0
GRFglo8NByqEQnzFnGSyKNevY2a2aL0/m08DEmo/c0mrJ7PwCH7IcIRVn28dcp8G
QaDbrNbPeR2r6Qn7bRRhk7lC7a+KIvZITjACbBMkH5/840Zkc6zcLEwVY95YhmgA
Zw3DKVeRFPpC8tRu3c4Xi47arwS+QDuF8crY8Dc0bMtTAO/YdKy30/wRoEaLkJqw
inasdDS2/cmsevlaTT2sXK8HeQ1tz/Lx40+M8o2wPIfJxQ==
-----END CERTIFICATE-----
subject=CN = simonlefort.be
 
issuer=C = US, O = Let's Encrypt, CN = R3
 
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3296 bytes and written 386 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 3072 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 6C0646071A6A536465B257579609473FE00430C0425CBA434FD44D36CEE9FCEF
    Session-ID-ctx: 
    Resumption PSK: 49F1325FF5ED2A54D454C5D2C93FEB35E958759FAC108749B67DDD7A2FBF6FA2AB24B68778DE21042278B2BEC7E23B2B
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - ab ea f5 35 44 19 8c 84-07 45 b7 a3 a5 77 73 d6   ...5D....E...ws.
    0010 - b0 8f 35 19 61 a9 69 74-d3 c7 bd 7f f6 38 71 35   ..5.a.it.....8q5
 
    Start Time: 1610395479
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: B6643D912A0337A9271A67D8FFAD266B542E70F9BF5C55062788A24EFA90DE91
    Session-ID-ctx: 
    Resumption PSK: A371D300FBA506F34315ECCCA1C9CF34E0CDCD352A997E3E6689B651722467D9ED66D7DB8160D5C1345860783DD1C927
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - 86 ee 0a c4 eb 33 10 f6-58 15 53 be d3 25 df ec   .....3..X.S..%..
    0010 - 3d 96 4e bd 0c 13 8a 90-4f 05 99 91 91 af 74 d1   =.N.....O.....t.
 
    Start Time: 1610395479
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
informatique/openssl.txt · Dernière modification : 2021/01/11 20:05 de simon