Tuesday, 16 March 2010

Curl https client certificate negotiation

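Just in case we need to perform continuous testing against an HTTPS resource that requires client certificate authentication (note that -k disables verification of the server certificate, and --pass leaves the key passphrase visible in the shell history and process list, so keep this to test setups):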
curl --cert buenokpl.pem --key buenokpr.pem --pass fulano123 -k -v https://www.google.es

Reading socket identifier from proc fs

cd /proc/<pid>/fd
ls -ltr | grep -i socket
Take the socket id shown on the right-hand side and run netstat -ae | grep -i <socket id>
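
The same lookup as a script, added here as an example that is not part of the original post: a plain grep on the socket id also matches ports and longer inode numbers that contain it, so this version compares the Inode column exactly. The function names and both listings are constructed for illustration, and it assumes Linux net-tools netstat -ae output, where Inode is the last column of tcp/udp rows.

```shell
#!/bin/sh
# Constructed sample: `ls -l /proc/<pid>/fd` output for a hypothetical process.
sample_fd_listing() {
cat <<'EOF'
lrwx------ 1 app app 64 Mar 16 10:02 0 -> /dev/pts/1
lrwx------ 1 app app 64 Mar 16 10:02 3 -> socket:[4821]
lrwx------ 1 app app 64 Mar 16 10:02 4 -> socket:[48213]
l-wx------ 1 app app 64 Mar 16 10:02 5 -> /var/log/app.log
EOF
}

# Constructed sample: `netstat -ae` rows. Note the ports and the inode
# that merely contain "4821" as a substring.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State       User  Inode
tcp        0      0 localhost:4821   *:*              LISTEN      app   48213
tcp        0      0 host:48213       peer:https       ESTABLISHED app   4821
tcp        0      0 *:ssh            *:*              LISTEN      root  148213
udp        0      0 *:bootpc         *:*                          root  9377
EOF
}

# Read an fd listing on stdin and print each socket inode once.
socket_inodes() {
    sed -n 's/.*-> socket:\[\([0-9][0-9]*\)\].*/\1/p' | sort -un
}

# $1 = file with one inode per line; netstat -ae output on stdin.
# Prints only tcp/udp rows whose last field equals a wanted inode exactly.
match_inodes() {
    awk -v f="$1" '
        BEGIN { while ((getline ino < f) > 0) want[ino] = 1 }
        $1 ~ /^(tcp|udp)/ && ($NF in want)
    '
}

# Live use on a Linux host: sockets_of_pid <pid>
sockets_of_pid() {
    tmp=$(mktemp) || return 1
    ls -l "/proc/$1/fd" 2>/dev/null | socket_inodes > "$tmp"
    netstat -ae | match_inodes "$tmp"
    rm -f "$tmp"
}
```

Unix-domain sockets are skipped on purpose, because their netstat rows put the inode in a different column.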

Wednesday, 10 March 2010

Getting server certificates with openssl

This recipe is very useful if you need to download the certificate from a server that uses SSL to encrypt its connections.
With your favorite OpenSSL distribution, just type:

openssl s_client -connect 172.16.1.42:22


CONNECTED(00000003)
depth=0 /C=ES/ST=Spain/L=madrid/O=xxx/OU=seguridad/CN=localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=ES/ST=Spain/L=madrid/O=xxx/OU=seguridad/CN=localhost
verify return:1
---
Certificate chain
0 s:/C=ES/ST=Spain/L=madrid/O=xxx/OU=seguridad/CN=localhost
i:/C=ES/ST=Spain/L=madrid/O=xxx/OU=seguridad/CN=localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
[certificate body not preserved]
-----END CERTIFICATE-----
subject=/C=ES/ST=Spain/L=madrid/O=xxx/OU=seguridad/CN=localhost
issuer=/C=ES/ST=Spain/L=madrid/O=xxx/OU=seguridad/CN=localhost
---
Acceptable client certificate CA names
/C=ES/O=Recipes/CN=ca
---
SSL handshake has read 1315 bytes and written 288 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-DSS-DES-CBC3-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : EDH-DSS-DES-CBC3-SHA
Session-ID: 4B976688585F4BDA3C35765B4F2C6119F90064A77BFCC73D4C2E26A283864204
Session-ID-ctx:
Master-Key: D0D069F3AC2059DA628F55A2847A7EA9744AADBB62FA379D1D480832FB36330A560D93872F75CA340C999733EB0E2F45
Key-Arg : None
Start Time: 1268213384
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
closed