informatique:openssl
Table des matières
La commande "openssl"
La page de man de openssl.
Exemples
Avoir des informations sur un certificat local
$ openssl x509 -in test.crt -noout -text
Récupérer des informations sur un certificat distant
Dates de validité :
$ openssl s_client -showcerts -connect mon.site.com:443 2>/dev/null | openssl x509 -noout -dates notBefore=Aug 29 07:23:13 2018 GMT notAfter=Nov 27 07:23:13 2018 GMT
Source : shellhacks.com
Voir comment se déroule la connexion avec TLS
$ openssl s_client -host simonlefort.be -port 443 CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = simonlefort.be verify return:1 --- Certificate chain 0 s:CN = simonlefort.be i:C = US, O = Let's Encrypt, CN = R3 1 s:C = US, O = Let's Encrypt, CN = R3 i:O = Digital Signature Trust Co., CN = DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- MIIFvjCCBKagAwIBAgISAzDI7dzcDJFFhGCPhSuEOugeMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMTAxMDQwNTI1MTlaFw0yMTA0MDQwNTI1MTlaMBkxFzAVBgNVBAMT DnNpbW9ubGVmb3J0LmJlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA nKI1QA0/4qzHR183CzsjyLEumxY0Esn0mcvRNT1Xl979WTg+lDlNYSViELwTrBtO Vm0jaQ4Ocq88z4MN7SkD1OC2Mj+0Mq08lb8OOoc21TPcuJqmoBeL5CoLx2WXVp29 EuGbfAb2LzpbX7YkfLvB9dvrcDfRHa9lb7alowTznkcZV+U3a+5DWnm7By4bZF6k LNqcOkzYLm/gPMXXEjNe5v3mtaahSpzvYnjBNi4k6rBoeZYXs69v+0bKHfRpCHH8 570whnIFYTl4+ZR+oFscRoYFT/E9vqijr/yVNkNfTrGaz5vir9lUKom0x3H/m2QF EIC+5nwu2ESdaluarguGXqh+xQ6busA42iz6MEwgvUsnzKy/pnFeJwk1Aviylc0z upoJloOiek4fbKt28GTESpeJEr/LiJvHu9/E4uJTT/AUiFTT1/y5fJw9izJpMQ7j 9zmreE0YAmaBYPhREqvr8w6eEpYMz+lcAeC3CVVANmwdix7V6s0gKfZidoygL0oz AgMBAAGjggJlMIICYTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH AwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOda0wvElD0lSrkC f66SXksSRpPfMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsG AQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIG CCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMDUGA1UdEQQuMCyCDnNp bW9ubGVmb3J0LmJlghp4bXBwLXVwbG9hZC5zaW1vbmxlZm9ydC5iZTBMBgNVHSAE RTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRw Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2 AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABdswSSckAAAQDAEcw RQIgZDNVmJHan67Uur8fQVmrBc894eCfbLUmDYLNPPwSwi8CIQD6CmEM7VxI6NWE VzfpvBYtctjsXdlfkK+g82Gl5uflTgB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/ LmqXaJl+IvDXAAABdswSSkAAAAQDAEcwRQIgPiIyUFiM262NU9CRrcYfAsOnUcqU 20a+0lZXJkJfSDkCIQCivz4LEw7AsajkfMBXocz4i+jKnCAS83RAVoxisgIn+zAN BgkqhkiG9w0BAQsFAAOCAQEAsc2tPKa6RYRu2zsMT6ICAZ5PLhsPl99hI2PsCemh Ln2PWv20SYoBFdPgaDf/MuGFrUU/1+wV68E7i2Gw1csEOX5pJa4DYZC7DK5rtum0 GRFglo8NByqEQnzFnGSyKNevY2a2aL0/m08DEmo/c0mrJ7PwCH7IcIRVn28dcp8G QaDbrNbPeR2r6Qn7bRRhk7lC7a+KIvZITjACbBMkH5/840Zkc6zcLEwVY95YhmgA Zw3DKVeRFPpC8tRu3c4Xi47arwS+QDuF8crY8Dc0bMtTAO/YdKy30/wRoEaLkJqw inasdDS2/cmsevlaTT2sXK8HeQ1tz/Lx40+M8o2wPIfJxQ== -----END CERTIFICATE----- subject=CN = simonlefort.be issuer=C = US, O = Let's Encrypt, CN = R3 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3296 bytes and written 386 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 3072 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 6C0646071A6A536465B257579609473FE00430C0425CBA434FD44D36CEE9FCEF Session-ID-ctx: Resumption PSK: 49F1325FF5ED2A54D454C5D2C93FEB35E958759FAC108749B67DDD7A2FBF6FA2AB24B68778DE21042278B2BEC7E23B2B PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 86400 (seconds) TLS session ticket: 0000 - ab ea f5 35 44 19 8c 84-07 45 b7 a3 a5 77 73 d6 ...5D....E...ws. 0010 - b0 8f 35 19 61 a9 69 74-d3 c7 bd 7f f6 38 71 35 ..5.a.it.....8q5 Start Time: 1610395479 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: B6643D912A0337A9271A67D8FFAD266B542E70F9BF5C55062788A24EFA90DE91 Session-ID-ctx: Resumption PSK: A371D300FBA506F34315ECCCA1C9CF34E0CDCD352A997E3E6689B651722467D9ED66D7DB8160D5C1345860783DD1C927 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 86400 (seconds) TLS session ticket: 0000 - 86 ee 0a c4 eb 33 10 f6-58 15 53 be d3 25 df ec .....3..X.S..%.. 0010 - 3d 96 4e bd 0c 13 8a 90-4f 05 99 91 91 af 74 d1 =.N.....O.....t. Start Time: 1610395479 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK
informatique/openssl.txt · Dernière modification : 2021/01/11 20:05 de simon