Twitter Weekly Updates for 2011-08-28
- Sometimes your day feels bad even when it doesn't really have a reason for it. Sillyness. #
- Flink onweer hier. Heb het hondje helemaal panisch aan bed staan. Vooruit dan maar, voor één nachtje hier slapen. #
Powered by Twitter Tools
Check SSL certificates
This post is mostly a collection of commands to check SSL certificates and make sure they are what you think they are. Especially when things do not go as expected, these commands are handy to have around. First, some definitions. We call the signed certificate cert.crt, the private key server.key, the certificate sign request cert.csr and any intermediate/chain certificates chain.pem. Substitude in the commands below with your files. It’s assumed you have all these certificates in the PEM format, for easy use with Apache’s mod_ssl.
Checking if the CSR is actually a public key from your serverkey
You need to check the modulo of the private key and the certificate sign request. The output of these two commands should be the same if the csr is made with this server key.
$ openssl rsa -noout -modulus -in server.key | openssl md5
$ openssl req -noout -modulus -in cert.csr | openssl md5
Checking if a signed certificate is actually created from the CSR that you created
You need to check the modulo of both files. The output of the two commands should be the same.
$ openssl x509 -noout -modulus -in cert.crt | openssl md5
$ openssl req -noout -modulus -in cert.csr | openssl md5
Checking if a signed certificate is actually the public key from your serverkey
This should be obvious if you read the two items above. The output of both commands should be the same.
$ openssl x509 -noout -modulus -in cert.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5
Checking if the chain file actually applies to the signed certificate
openssl verify -CAfile chain.pem -verbose cert.crt
Output the details from a certificate sign request
openssl req -text -in cert.csr
Output the details from a signed certificate
openssl x509 -text -in cert.crt
Twitter Weekly Updates for 2011-08-21
- @peroict We do fixed price! :-) in reply to peroict #
Powered by Twitter Tools
Twitter Weekly Updates for 2011-08-14
- Going home. So much work, so little time. #
- @Dankjewelske Eerst zien, dan geloven :-) in reply to Dankjewelske #
Powered by Twitter Tools
Twitter Weekly Updates for 2011-08-07
- @davecoveney dd if=/dev/urandom of=verylargefile that'll test it :) in reply to davecoveney #
- #hetzner de borking for anyone else as well? Status page even seems down from here… #
- @ripienaar ddos, hetzner-status.de says. Bummer. in reply to ripienaar #
Powered by Twitter Tools
