Innehållsförteckning | ||
---|---|---|
|
Generera keystore med mellanliggande CA
Nedan script kan användas för att generera en keystore innehållandes mellanliggande CAs.
Ladda ner SITHS root ca. Notera att det är olika ca för prod och test/qa. Nedan exempel är med prod ca.
...
Expandera | ||
---|---|---|
| ||
openssl x509 -inform DER -in "<target source>" -out <dest target> -outform PEM openssl s_client kommandot implementerar en generisk SSL/TLS klient -connect host:port -prexit print on exit Länka: s_client |
Kodblock |
---|
&>openssl s_client -connect 33.33.33.33:20000 -prexit CONNECTED(00000003) depth=2 /C=SE/O=Inera AB/CN=SITHS Root CA v1 verify error:num=19:self signed certificate in certificate chain verify return:0 22047:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:/SourceCache/OpenSSL098/OpenSSL098-47.2/src/ssl/s3_pkt.c:1106:SSL alert number 42 22047:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47.2/src/ssl/s23_lib.c:182: --- Certificate chain 0 s:/C=se/DC=Services/DC=Nod1/O=Inera_AB/CN=esb.ntjp.sjunet.org/serialNumber=HSASERVICES-106J i:/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1 1 s:/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1 i:/C=SE/O=Inera AB/CN=SITHS Root CA v1 2 s:/C=SE/O=Inera AB/CN=SITHS Root CA v1 i:/C=SE/O=Inera AB/CN=SITHS Root CA v1 --- Server certificate -----BEGIN CERTIFICATE----- MIIGWzCCBEOgAwIBAgIQCQOCyORSzlnKHi8ZZ7PbtDANBgkqhkiG9w0BAQUFADA9 MQswCQYDVQQGEwJTRTERMA8GA1UECgwISW5lcmEgQUIxGzAZBgNVBAMMElNJVEhT IFR5cGUgMiBDQSB2MTAeFw0xNDA0MTAxNDM2NDJaFw0xNjA0MTAyMTU4MDBaMIGJ MQswCQYDVQQGEwJzZTEYMBYGCgmSJomT8ixkARkWCFNlcnZpY2VzMRQwEgYKCZIm iZPyLGQBGRYETm9kMTERMA8GA1UECgwISW5lcmFfQUIxHDAaBgNVBAMME2VzYi5u dGpwLnNqdW5ldC5vcmcxGTAXBgNVBAUTEEhTQVNFUlZJQ0VTLTEwNkowggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAaioXbk3QusJSTm7S49si8MOVixso HT5F4IuK/9x1qaCIk7kVlTtLhOxrxKUz3OSlaSzhZ+D2uJ3O7USFglMDLVDvxGpB +xymCg0aty0Hb4WQGZHjMFumEsJASo2qqkg18BdWJOecwhISp19LizB/NaGcnOlc 26Ghmbbnhku76a6RW/5ALmEW32+toeHOE2jo++qrXNNMRwe6oVEtgdQKWK3J6Cw0 KsHhrsE/FNrzHsCWHSW1zvjdsMws+OgKL3o40qeWnhgXYiXV1aarMyk2p2yxsI32 jzRuwQaDVYvcWnL6evjUu2MOYr5/pwXGwzWz9u9q5hQu1lGOLx8dzSMTAgMBAAGj ggIIMIICBDAOBgNVHQ8BAf8EBAMCAKAwbwYDVR0fBGgwZjAtoCugKYYnaHR0cDov L2NybDEuc2l0aHMuc2Uvc2l0aHN0eXBlMmNhdjEuY3JsMDWgM6Axhi9odHRwOi8v Y3JsMi5zaXRocy5zanVuZXQub3JnL3NpdGhzdHlwZTJjYXYxLmNybDCBzgYIKwYB BQUHAQEEgcEwgb4wIQYIKwYBBQUHMAGGFWh0dHA6Ly9vY3NwMS5zaXRocy5zZTAp BggrBgEFBQcwAYYdaHR0cDovL29jc3AyLnNpdGhzLnNqdW5ldC5vcmcwMgYIKwYB BQUHMAKGJmh0dHA6Ly9haWEuc2l0aHMuc2Uvc2l0aHN0eXBlMmNhdjEuY2VyMDoG CCsGAQUFBzAChi5odHRwOi8vYWlhLnNpdGhzLnNqdW5ldC5vcmcvc2l0aHN0eXBl MmNhdjEuY2VyMEcGA1UdIARAMD4wPAYHKoVwSggDAjAxMC8GCCsGAQUFBwIBFiNo dHRwOi8vcnBhLnNpdGhzLnNlL3NpdGhzcnBhdjEuaHRtbDAnBgNVHSUEIDAeBggr BgEFBQcDBAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTK0PxEbXw5qJbD ih/NijAIstpnzjAfBgNVHSMEGDAWgBRRiNwkxNxKiOSL9J7Vs846FL9WSDANBgkq hkiG9w0BAQUFAAOCAgEAgzesycxpUin9tKpzUwXxxZWs1mi0Qtdqd3auY67bmws8 iBXdjrF+C3n4JXSzyiV0q6zpyDcmsr6Cup34FWnXM8JWdqKZLx1Nkef0jV6T7r8U FYxNgKrsxRvBW0A3fyPRU3RQ00rw89/VoLE71xtvU7xGjxGo0a0ev8OyT09WXP9R XzMRdCIYUAWk7RmnC1hvcoLz+euR7tobsYCrXmUjZpqCcSFHdZAsvRgThGFgMini PBPsiAYwtZhd3j1q7lTibatnNIo7srC21lJZtp7n6qzJ+1ppcTmeWuhi+PewM8Uo Xb5KSW2UYRlIFezmLNAbCCJwmIrTdFisAhMmFHPaTc2nO/uDoV/vSayfliNJ73xI hEG3I/riLfGNSpyO4PCRxPggsF9M2KhVPLXTSEZl1xeXduvVmywu4/A/eOWPOvai 9gBkkLj9Fa7XxOXHRQ7i2IsNfnTeb+Wzzg2oADmG4K/iPIErtClz2NXRcNnP37V/ JYEnXE9/5v0xkqFJUQIJtRnWOPw6/TcN0iSgqZAJuDpC0jnAob54Sg6kGy4ttGKV F0YR7TaVqpDUzdRLnRDoB60tvmUC0xOvlCkXv6ocNx/9W4kIrBw8+d0U4UfDtyz4 hEkq3/WHcaNNnEW1QeMri9LFWFDlP3p2YzHVYKzie5VKd2Xz62fRhXd+HDWs0vU= -----END CERTIFICATE----- subject=/C=se/DC=Services/DC=Nod1/O=Inera_AB/CN=esb.ntjp.sjunet.org/serialNumber=HSASERVICES-106J issuer=/C=SE/O=Inera AB/CN=SITHS Type 2 CA v1 --- Acceptable client certificate CA names /C=SE/O=Inera AB/CN=SITHS Root CA v1 PP /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA /C=SE/O=SITHS CA/CN=SITHS CA TEST v3 /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA /C=SE/O=162321000016/OU=Infrastruktur/CN=HVAL/emailAddress=liston_support@brainpool.se /C=SE/O=Inera AB/CN=SITHS Type 2 CA v1 /C=SE/O=Steria AB/CN=Steria AB EID CA v1 /C=US/O=Thawte, Inc./CN=Thawte SSL CA /C=SE/O=Carelink/CN=SITHS CA v3 /C=SE/O=Inera AB/CN=SITHS Type 2 CA v1 PP /C=SE/O=SITHS CA/CN=SITHS CA TEST v4 /C=SE/O=Inera AB/CN=SITHS CA v4 /C=SE/O=Inera AB/CN=SITHS Root CA v1 /O=AlphaSSL/CN=AlphaSSL CA - G2 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA --- SSL handshake has read 6683 bytes and written 170 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: 534D94B2F76105F39728EA014975BE1541205FA959DEE868F3890DBB43D9F2B5 Session-ID-ctx: Master-Key: 43B89A535AC90D9B9BB968D7E521B869ED305C00FDE5C6235B8804532F235182A57EF021F4C1551E990702F58AA76D97 Key-Arg : None Start Time: 1397629508 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- |
...