Innehållsförteckning
maxLevel 2

Generera keystore med mellanliggande CA

...

Expandera

title	Command details

openssl x509 -inform DER -in "<target source>" -out <dest target> -outform PEM

openssl s_client kommandot implementerar en generisk SSL/TLS klient

-connect host:port

-prexit print on exit

Länka: s_client

Kodblock

&>openssl s_client -connect 33.33.33.33:20000 -prexit
 
 
CONNECTED(00000003)
depth=2 /C=SE/O=Inera AB/CN=SITHS Root CA v1
verify error:num=19:self signed certificate in certificate chain
verify return:0
22047:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:/SourceCache/OpenSSL098/OpenSSL098-47.2/src/ssl/s3_pkt.c:1106:SSL alert number 42
22047:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47.2/src/ssl/s23_lib.c:182:
---
Certificate chain
 0 s:/C=se/DC=Services/DC=Nod1/O=Inera_AB/CN=esb.ntjp.sjunet.org/serialNumber=HSASERVICES-106J
   i:/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1
 1 s:/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1
   i:/C=SE/O=Inera AB/CN=SITHS Root CA v1
 2 s:/C=SE/O=Inera AB/CN=SITHS Root CA v1
   i:/C=SE/O=Inera AB/CN=SITHS Root CA v1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGWzCCBEOgAwIBAgIQCQOCyORSzlnKHi8ZZ7PbtDANBgkqhkiG9w0BAQUFADA9
MQswCQYDVQQGEwJTRTERMA8GA1UECgwISW5lcmEgQUIxGzAZBgNVBAMMElNJVEhT
IFR5cGUgMiBDQSB2MTAeFw0xNDA0MTAxNDM2NDJaFw0xNjA0MTAyMTU4MDBaMIGJ
MQswCQYDVQQGEwJzZTEYMBYGCgmSJomT8ixkARkWCFNlcnZpY2VzMRQwEgYKCZIm
iZPyLGQBGRYETm9kMTERMA8GA1UECgwISW5lcmFfQUIxHDAaBgNVBAMME2VzYi5u
dGpwLnNqdW5ldC5vcmcxGTAXBgNVBAUTEEhTQVNFUlZJQ0VTLTEwNkowggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAaioXbk3QusJSTm7S49si8MOVixso
HT5F4IuK/9x1qaCIk7kVlTtLhOxrxKUz3OSlaSzhZ+D2uJ3O7USFglMDLVDvxGpB
+xymCg0aty0Hb4WQGZHjMFumEsJASo2qqkg18BdWJOecwhISp19LizB/NaGcnOlc
26Ghmbbnhku76a6RW/5ALmEW32+toeHOE2jo++qrXNNMRwe6oVEtgdQKWK3J6Cw0
KsHhrsE/FNrzHsCWHSW1zvjdsMws+OgKL3o40qeWnhgXYiXV1aarMyk2p2yxsI32
jzRuwQaDVYvcWnL6evjUu2MOYr5/pwXGwzWz9u9q5hQu1lGOLx8dzSMTAgMBAAGj
ggIIMIICBDAOBgNVHQ8BAf8EBAMCAKAwbwYDVR0fBGgwZjAtoCugKYYnaHR0cDov
L2NybDEuc2l0aHMuc2Uvc2l0aHN0eXBlMmNhdjEuY3JsMDWgM6Axhi9odHRwOi8v
Y3JsMi5zaXRocy5zanVuZXQub3JnL3NpdGhzdHlwZTJjYXYxLmNybDCBzgYIKwYB
BQUHAQEEgcEwgb4wIQYIKwYBBQUHMAGGFWh0dHA6Ly9vY3NwMS5zaXRocy5zZTAp
BggrBgEFBQcwAYYdaHR0cDovL29jc3AyLnNpdGhzLnNqdW5ldC5vcmcwMgYIKwYB
BQUHMAKGJmh0dHA6Ly9haWEuc2l0aHMuc2Uvc2l0aHN0eXBlMmNhdjEuY2VyMDoG
CCsGAQUFBzAChi5odHRwOi8vYWlhLnNpdGhzLnNqdW5ldC5vcmcvc2l0aHN0eXBl
MmNhdjEuY2VyMEcGA1UdIARAMD4wPAYHKoVwSggDAjAxMC8GCCsGAQUFBwIBFiNo
dHRwOi8vcnBhLnNpdGhzLnNlL3NpdGhzcnBhdjEuaHRtbDAnBgNVHSUEIDAeBggr
BgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTK0PxEbXw5qJbD
ih/NijAIstpnzjAfBgNVHSMEGDAWgBRRiNwkxNxKiOSL9J7Vs846FL9WSDANBgkq
hkiG9w0BAQUFAAOCAgEAgzesycxpUin9tKpzUwXxxZWs1mi0Qtdqd3auY67bmws8
iBXdjrF+C3n4JXSzyiV0q6zpyDcmsr6Cup34FWnXM8JWdqKZLx1Nkef0jV6T7r8U
FYxNgKrsxRvBW0A3fyPRU3RQ00rw89/VoLE71xtvU7xGjxGo0a0ev8OyT09WXP9R
XzMRdCIYUAWk7RmnC1hvcoLz+euR7tobsYCrXmUjZpqCcSFHdZAsvRgThGFgMini
PBPsiAYwtZhd3j1q7lTibatnNIo7srC21lJZtp7n6qzJ+1ppcTmeWuhi+PewM8Uo
Xb5KSW2UYRlIFezmLNAbCCJwmIrTdFisAhMmFHPaTc2nO/uDoV/vSayfliNJ73xI
hEG3I/riLfGNSpyO4PCRxPggsF9M2KhVPLXTSEZl1xeXduvVmywu4/A/eOWPOvai
9gBkkLj9Fa7XxOXHRQ7i2IsNfnTeb+Wzzg2oADmG4K/iPIErtClz2NXRcNnP37V/
JYEnXE9/5v0xkqFJUQIJtRnWOPw6/TcN0iSgqZAJuDpC0jnAob54Sg6kGy4ttGKV
F0YR7TaVqpDUzdRLnRDoB60tvmUC0xOvlCkXv6ocNx/9W4kIrBw8+d0U4UfDtyz4
hEkq3/WHcaNNnEW1QeMri9LFWFDlP3p2YzHVYKzie5VKd2Xz62fRhXd+HDWs0vU=
-----END CERTIFICATE-----
subject=/C=se/DC=Services/DC=Nod1/O=Inera_AB/CN=esb.ntjp.sjunet.org/serialNumber=HSASERVICES-106J
issuer=/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1
---
Acceptable client certificate CA names
/C=SE/O=Inera AB/CN=SITHS Root CA v1 PP
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=SE/O=SITHS CA/CN=SITHS CA TEST v3
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
/C=SE/O=162321000016/OU=Infrastruktur/CN=HVAL/emailAddress=liston_support@brainpool.se
/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1
/C=SE/O=Steria AB/CN=Steria AB EID CA v1
/C=US/O=Thawte, Inc./CN=Thawte SSL CA
/C=SE/O=Carelink/CN=SITHS CA v3
/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1 PP
/C=SE/O=SITHS CA/CN=SITHS CA TEST v4
/C=SE/O=Inera AB/CN=SITHS CA v4
/C=SE/O=Inera AB/CN=SITHS Root CA v1
/O=AlphaSSL/CN=AlphaSSL CA - G2
/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
---
SSL handshake has read 6683 bytes and written 170 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID: 534D94B2F76105F39728EA014975BE1541205FA959DEE868F3890DBB43D9F2B5
    Session-ID-ctx:
    Master-Key: 43B89A535AC90D9B9BB968D7E521B869ED305C00FDE5C6235B8804532F235182A57EF021F4C1551E990702F58AA76D97
    Key-Arg   : None
    Start Time: 1397629508
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

...

Länk till Ineras CA cert för produktion:

Ineras CA certifikat

Verisign och Thawte tillhandahåller också root CA's som kan användas:

Verisigns root CA

Thawte root CA's

Jämförda versioner

Gammal version 18

Ny version 19

Nyckel

Innehållsförteckning
maxLevel 2

Generera keystore med mellanliggande CA

Länk till Ineras CA cert för produktion:

Verisign och Thawte tillhandahåller också root CA's som kan användas:

Sidjämförelse

Jämförda versioner

Gammal version 18

Ny version 19

Nyckel

Länk till Ineras CA cert för produktion:

Verisign och Thawte tillhandahåller också root CA's som kan användas: