Generate a keystore with intermediate CAs

The script below can be used to generate a keystore containing intermediate CAs.

Download the SITHS root CA. Note that the CA differs between prod and test/QA. The example below uses the prod CA.

...

Command details


openssl x509 -inform DER -in "<target source>" -out "<dest target>" -outform PEM

The openssl s_client command implements a generic SSL/TLS client.

-connect host:port

-prexit print on exit

Link: s_client


&>openssl s_client -connect 33.33.33.33:20000 -prexit
 
 
CONNECTED(00000003)
depth=2 /C=SE/O=Inera AB/CN=SITHS Root CA v1
verify error:num=19:self signed certificate in certificate chain
verify return:0
22047:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:/SourceCache/OpenSSL098/OpenSSL098-47.2/src/ssl/s3_pkt.c:1106:SSL alert number 42
22047:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47.2/src/ssl/s23_lib.c:182:
---
Certificate chain
 0 s:/C=se/DC=Services/DC=Nod1/O=Inera_AB/CN=esb.ntjp.sjunet.org/serialNumber=HSASERVICES-106J
   i:/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1
 1 s:/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1
   i:/C=SE/O=Inera AB/CN=SITHS Root CA v1
 2 s:/C=SE/O=Inera AB/CN=SITHS Root CA v1
   i:/C=SE/O=Inera AB/CN=SITHS Root CA v1
---
Server certificate
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
subject=/C=se/DC=Services/DC=Nod1/O=Inera_AB/CN=esb.ntjp.sjunet.org/serialNumber=HSASERVICES-106J
issuer=/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1
---
Acceptable client certificate CA names
/C=SE/O=Inera AB/CN=SITHS Root CA v1 PP
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=SE/O=SITHS CA/CN=SITHS CA TEST v3
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
/C=SE/O=162321000016/OU=Infrastruktur/CN=HVAL/emailAddress=liston_support@brainpool.se
/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1
/C=SE/O=Steria AB/CN=Steria AB EID CA v1
/C=US/O=Thawte, Inc./CN=Thawte SSL CA
/C=SE/O=Carelink/CN=SITHS CA v3
/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1 PP
/C=SE/O=SITHS CA/CN=SITHS CA TEST v4
/C=SE/O=Inera AB/CN=SITHS CA v4
/C=SE/O=Inera AB/CN=SITHS Root CA v1
/O=AlphaSSL/CN=AlphaSSL CA - G2
/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
---
SSL handshake has read 6683 bytes and written 170 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID: 534D94B2F76105F39728EA014975BE1541205FA959DEE868F3890DBB43D9F2B5
    Session-ID-ctx:
    Master-Key: 43B89A535AC90D9B9BB968D7E521B869ED305C00FDE5C6235B8804532F235182A57EF021F4C1551E990702F58AA76D97
    Key-Arg   : None
    Start Time: 1397629508
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
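
As an added example (not part of the original page), the following Python code parses s_client output in the format shown above and checks three things that matter when building the keystore: that the presented chain is linked through the intermediate CA, which verify return code was reported, and whether the issuer of your client certificate is among the CA names the server accepts. It assumes the OpenSSL 0.9.8-style "/C=.../O=.../CN=..." name format from the output above; the function names and the shortened sample transcript are constructed for illustration.

```python
import re

# Constructed sample: a shortened s_client transcript in the format shown above.
SAMPLE = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=se/O=Inera_AB/CN=esb.ntjp.sjunet.org
   i:/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1
 1 s:/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1
   i:/C=SE/O=Inera AB/CN=SITHS Root CA v1
 2 s:/C=SE/O=Inera AB/CN=SITHS Root CA v1
   i:/C=SE/O=Inera AB/CN=SITHS Root CA v1
---
Acceptable client certificate CA names
/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1
/C=SE/O=Inera AB/CN=SITHS Root CA v1
---
    Verify return code: 19 (self signed certificate in certificate chain)
---
"""

def parse_s_client(text):
    """Extract the chain, the acceptable client CA names and the verify code."""
    chain, cas, in_cas = [], [], False
    for line in text.splitlines():
        m = re.match(r"\s*(\d+) s:(.+)$", line)
        if m:  # " 0 s:<subject DN>" starts a new chain entry
            chain.append({"depth": int(m.group(1)), "subject": m.group(2).strip()})
        elif (m := re.match(r"\s+i:(.+)$", line)) and chain:
            chain[-1]["issuer"] = m.group(1).strip()
        elif line.startswith("Acceptable client certificate CA names"):
            in_cas = True
        elif line.startswith("---"):  # section separator ends the CA list
            in_cas = False
        elif in_cas and line.startswith("/"):
            cas.append(line.strip())
    m = re.search(r"Verify return code: (\d+)", text)
    return {"chain": chain, "client_cas": cas,
            "verify_code": int(m.group(1)) if m else None}

def chain_is_linked(chain):
    """True when every certificate's issuer is the subject of the next entry."""
    return all(a.get("issuer") == b["subject"] for a, b in zip(chain, chain[1:]))

def client_issuer_accepted(result, issuer_dn):
    """True when the server lists issuer_dn as an acceptable client CA."""
    return issuer_dn in result["client_cas"]
```

Verify return code 19 means the root CA at the top of the chain is not in the local trust store used by s_client.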
 
 

...