Ssl

From My Mnemonic Rhyme
Jump to navigation Jump to search

OpenSSL Zertifikat auf der Commandline prüfen

openssl s_client -connect google.com:443 | openssl x509 -text

oder

s_client -connect hostname:443 -CApath /etc/ssl/certs
  • Wichtig: Der Pfad zu den Root Zertifikaten muss stimmen!

Passwort generieren

PASSWORD=$(openssl rand -base64 8 )

Check Cert

ssl-cert-check -c file.crt

# cat check-ssl-cert.sh 

CERT=`cat /usr/ssl/cert-check-list`

CERT=($CERT)
for ((i=0; i<${#CERT[*]}; i++)) do
ssl-cert-check -e systemcheck@smt.de -q -a -c /usr/ssl/newcerts/${CERT[i]} -x 15
#ssl-cert-check -c /usr/ssl/newcerts/${CERT[i]}
done

SSL für Apache

mkdir /etc/apache2/myssl
cd /etc/apache2/myssl
openssl req -new > server.cert.csr
openssl rsa -in privkey.pem -out server.cert.key
openssl x509 -in server.cert.csr -out server.cert.crt  -req -signkey server.cert.key -days 365
nano /etc/apache2/ports.conf
nano /etc/apache2/httpd.conf
a2enmod ssl
/etc/init.d/apache2 force-reload

delete rsa key password

openssl rsa -in key_with_pw -out key
chmod 600 key
Retrieved from "https://www.tobias-weiss.org/wiki/index.php?title=Ssl&oldid=240"