![]() ![]() This table accompanies the presentation referenced here. #OPENSSL SCLIENT CONNECT MANUAL#O.SSL Checklist for Pentesters - the Manual Cheatsheet SSL Checklist for Pentesters - the Manual Cheatsheet New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 SSL handshake has read 1598 bytes and written 481 bytes Issuer=/C=NL/ST=Utrecht/L=Utrecht/O=Company/OU=Unit/CN=localhost Subject=/C=NL/ST=Utrecht/L=Utrecht/O=Company/OU=Unit/CN=localhost hX00Xm0xu6HsVvlW4Uk434Ll8fqR0xtk/V8QeBT1YYoU7V0VB5lvHgfTOPWzwn9ġ5CvHz6IBfzTOnTfkRTPPTnZofyXdnIiDwV9AF/CctLp7ievwJ7AkyktWShidIrP U+YIbUEiD/ahJxPhUwku8tfgnYQSw8Gie7C8O2AuOJbK+exw8WD96Bg8//Q9zvez K/PMk32IrWCgnn5Rtqcm4DDLkq+4nP4/178umEMAl3JIdGbWD1Bp2qFPFSUB5+Oh W0OTZ/Z393oFcPpuAJv9qUwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCĪQEAT7cdHVM/1w2AexF02N2MmR49lE5DYkhPAhjnAnVNXzW9mk+qgn96giav12Uo TjAdBgNVHQ4EFgQU0iARW0OTZ/Z393oFcPpuAJv9qUwwHwYDVR0jBBgwFoAU0iAR VuahTG2haEENFrdsiB4FSOjg7fY+ePRs38LIUJjiSrjRSzivPlNqaQIDAQABo1Aw TxsSVNoxBgAfeeAntK3LvHizqc0RGM1C4Dws6/wgdBum9eNZX9b7JttMpScpsJO/ ![]() HkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0wheYcT5/cDQLyXgbri/HLtu5EfmW5+į2sF/W3rsoVftbZMpKo9bAtbuWvST/Ds5jUh3uvbBOJho圜8Q0nh+8JxWMRW4miEĮHjodKNn951el+ME3nQJa79GfjJMMZRUqC6kxgsUS1MFoJ8NfpCpXSWf7zrbp116ĦrTd2iEEUEbR1om7+DYKe5WCDThXAR7BBtKbBmKjygsWQI/QfY5zHX89SsunXxkm MA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwHVXRyZWNodDEQMA4GA1UECgwHQ29tĬGFueTENMAsGA1UECwwEVW5pdDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkq HhcNMTUwNzIyMDgxMDExWhcNMTYwNzIxMDgxMDExWjBmMQswCQYDVQQGEwJOTDEQ VQQKDAdDb21wYW55MQ0wCwYDVQQLDARVbml0MRIwEAYDVQQDDAlsb2NhbGhvc3Qw MIIDnzCCAoegAwIBAgIJAJXhQQyaDaR9MA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNVīAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MRAwDgYD I:/C=NL/ST=Utrecht/L=Utrecht/O=Company/OU=Unit/CN=localhost Verify error:num=18:self signed certificateĠ s:/C=NL/ST=Utrecht/L=Utrecht/O=Company/OU=Unit/CN=localhost $ openssl s_client -connect localhost:44330ĭepth=0 C = NL, ST = Utrecht, L = Utrecht, O = Company, OU = Unit, CN = localhos t #OPENSSL SCLIENT CONNECT FULL#To create a full circle, we’ll make sure our s_server is actually working by accessing it via openssl ~ ![]() If everything went right, you’ll see a privacy error, this is because we’re using a self-signed certificate (created in the preparation)Īfter you continued past the privacy error, you’ll see the response from the openssl s_server internal webserver:Īccessing the s_server via openssl s_client We can test our openssl s_server by accessing the following URL via your web browser: Right now, we’ve got a running secure server on port 44330 Accessing the s_server via web browser (Explanation of the arguments can be found at the bottom of this post) $ openssl s_server -key key.pem -cert cert.pem -accept 44330 -www (Explanation of the arguments can be found at the bottom of this post) Starting the OpenSSL ~ $ openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodesįill in the details of your brand new certificate. Note You’ll only need to run this command ~ Preparationįirst we need to do a bit of preparation, we need to create two certificates which will be used by the OpenSSL s_server command. GOAL: At the end of this article, you will have a running secure web server which you can access via your web browser and/or via an SSL client. This post will mostly serve as a reference for future posts, the goal is to create the simplest HTTPS webserver possible, which will serve to test certificates, authentication via private keys and in the end configure SSL offloading to an Apache HTTPD, which will act as a proxy between your client and the secure endpoint. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |