在SSL重新协商期间查看可接受的客户端证书CA名称

关键是在命令行中使用-prexit选项,然后键入“quit”而不是CTRL-C以退出OpenSSL。然后OpenSSL将转储其最后的协商状态,打印重新协商的握手内容。在Web服务器(如IIS)上调试客户端证书配置至关重要,后者通过HTTP中的请求重新协商SSL / TLS连接以请求客户端获得证书。
.

0

linux命令:openssl s_client -connect www.example.com:443 -prexit -prexit www.example.com:443 -connect s_client openssl openssl s_client -connect www.example.com:443 -prexitrootopen.com
linux命令:openssl s_client -connect www.example.com:443 -prexit -prexit www.example.com:443 -connect s_client openssl openssl s_client -connect www.example.com:443 -prexitrootopen.com
fmkw 2018-03-17 13:14:48
输出

评论

相关推荐

certificate.crt必须先存在!

linux命令:openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key privateKey.key -signkey CSR.csr -out certificate.crt -in -x509toreq x509 openssl openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.keyrootopen.com
linux命令:openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key privateKey.key -signkey CSR.csr -out certificate.crt -in -x509toreq x509 openssl openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.keyrootopen.com
.

linux命令:openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key privateKey.key -keyout -nodes rsa:2048 -newkey -new CSR.csr -out req openssl openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.keyrootopen.com
linux命令:openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key privateKey.key -keyout -nodes rsa:2048 -newkey -new CSR.csr -out req openssl openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.keyrootopen.com
.

linux命令:openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt certificate.crt -out privateKey.key -keyout rsa:2048 -newkey 365 -days -nodes -sha256 -x509 req openssl openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crtrootopen.com
linux命令:openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt certificate.crt -out privateKey.key -keyout rsa:2048 -newkey 365 -days -nodes -sha256 -x509 req openssl openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crtrootopen.com
.

linux命令:openssl pkcs8 -inform DER -nocrypt -in [priv key] -out [pem priv key] key] priv [pem -out key] [priv -in -nocrypt DER -inform pkcs8 openssl openssl pkcs8 -inform DER -nocrypt -in [priv key] -out [pem priv key]rootopen.com
linux命令:openssl pkcs8 -inform DER -nocrypt -in [priv key] -out [pem priv key] key] priv [pem -out key] [priv -in -nocrypt DER -inform pkcs8 openssl openssl pkcs8 -inform DER -nocrypt -in [priv key] -out [pem priv key]rootopen.com
.

一个pkcs8键将在偏移量4处具有整数00并且在偏移量9处具有rsaEncryption对象

linux命令:openssl ans1parse -inform DER < [priv key] key] [priv < DER -inform ans1parse openssl openssl ans1parse -inform DER < [priv key]rootopen.com
linux命令:openssl ans1parse -inform DER < [priv key] key] [priv < DER -inform ans1parse openssl openssl ans1parse -inform DER < [priv key]rootopen.com
.

...如果你拿回证书,服务器接受弱SSL密码

linux命令:openssl s_client -connect [host]:[sslport] -cipher LOW LOW -cipher [host]:[sslport] -connect s_client openssl openssl s_client -connect [host]:[sslport] -cipher LOWrootopen.com
linux命令:openssl s_client -connect [host]:[sslport] -cipher LOW LOW -cipher [host]:[sslport] -connect s_client openssl openssl s_client -connect [host]:[sslport] -cipher LOWrootopen.com
.

linux命令:openssl pkcs12 -export -in /dir/CERTIFICATE.pem -inkey /dir/KEY.pem -certfile /dir/CA-cert.pem -name "certName" -out /dir/certName.p12 /dir/certName.p12 -out "certName" -name /dir/CA-cert.pem -certfile /dir/KEY.pem -inkey /dir/CERTIFICATE.pem -in -export pkcs12 openssl openssl pkcs12 -export -in /dir/CERTIFICATE.pem -inkey /dir/KEY.pem -certfile /dir/CA-cert.pem -name "certName" -out /dir/certName.p12rootopen.com
linux命令:openssl pkcs12 -export -in /dir/CERTIFICATE.pem -inkey /dir/KEY.pem -certfile /dir/CA-cert.pem -name "certName" -out /dir/certName.p12 /dir/certName.p12 -out "certName" -name /dir/CA-cert.pem -certfile /dir/KEY.pem -inkey /dir/CERTIFICATE.pem -in -export pkcs12 openssl openssl pkcs12 -export -in /dir/CERTIFICATE.pem -inkey /dir/KEY.pem -certfile /dir/CA-cert.pem -name "certName" -out /dir/certName.p12rootopen.com
.

允许您通过TLS连接到SMTP服务器,这对调试SMTP会话很有用。 (很像telnet到25 / tcp)。连接后,您可以在清除(例如EHLO)中手动发出SMTP命令

linux命令:openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25 127.0.0.1:25 -connect -crlf smtp -starttls s_client openssl openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25rootopen.com
linux命令:openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25 127.0.0.1:25 -connect -crlf smtp -starttls s_client openssl openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25rootopen.com
.

lifehacker的方式:http://lifehacker.com/software/top/geek-to-live--encrypt-your-data-178005.php#Alternate%20Method:%20OpenSSL"这个命令将加密unencrypted-data.tar文件,并将结果输出到encrypted-data.tar.des3。要解密加密文件,请使用以下命令:“openssl des3 -d -salt -in encrypted-data.tar.des3 -out unencrypted- data.tar

linux命令:openssl des3 -salt -in unencrypted-data.tar -out encrypted-data.tar.des3 encrypted-data.tar.des3 -out unencrypted-data.tar -in -salt des3 openssl openssl des3 -salt -in unencrypted-data.tar -out encrypted-data.tar.des3rootopen.com
linux命令:openssl des3 -salt -in unencrypted-data.tar -out encrypted-data.tar.des3 encrypted-data.tar.des3 -out unencrypted-data.tar -in -salt des3 openssl openssl des3 -salt -in unencrypted-data.tar -out encrypted-data.tar.des3rootopen.com
.

适用于Mac OS X

linux命令:openssl rand -base64 6 6 -base64 rand openssl openssl rand -base64 6rootopen.com
linux命令:openssl rand -base64 6 6 -base64 rand openssl openssl rand -base64 6rootopen.com
.

通过在此处更改'x'来消除“l”和“o”字符更改长度:cut -c 1-x

linux命令:openssl rand -base64 1000 | tr "[:upper:]" "[:lower:]" | tr -cd "[:alnum:]" | tr -d "lo" | cut -c 1-8 | pbcopy pbcopy | 1-8 -c cut | "lo" -d tr | "[:alnum:]" -cd tr | "[:lower:]" "[:upper:]" tr | 1000 -base64 rand openssl openssl rand -base64 1000 | tr "[:upper:]" "[:lower:]" | tr -cd "[:alnum:]" | tr -d "lo" | cut -c 1-8 | pbcopyrootopen.com
linux命令:openssl rand -base64 1000 | tr "[:upper:]" "[:lower:]" | tr -cd "[:alnum:]" | tr -d "lo" | cut -c 1-8 | pbcopy pbcopy | 1-8 -c cut | "lo" -d tr | "[:alnum:]" -cd tr | "[:lower:]" "[:upper:]" tr | 1000 -base64 rand openssl openssl rand -base64 1000 | tr "[:upper:]" "[:lower:]" | tr -cd "[:alnum:]" | tr -d "lo" | cut -c 1-8 | pbcopyrootopen.com
.

linux命令:openssl x509 -in filename.crt -noout -text -text -noout filename.crt -in x509 openssl openssl x509 -in filename.crt -noout -textrootopen.com
linux命令:openssl x509 -in filename.crt -noout -text -text -noout filename.crt -in x509 openssl openssl x509 -in filename.crt -noout -textrootopen.com
.

不要复制结尾'='或使用头部-c限制到所需的长度。

linux命令:openssl rand -base64 <length> <length> -base64 rand openssl openssl rand -base64 <length>rootopen.com
linux命令:openssl rand -base64 <length> <length> -base64 rand openssl openssl rand -base64 <length>rootopen.com
.

我有一个mac,并且不想安装mac端口来获取base64二进制文件。使用openssl就可以做到这一点。请注意,要解码base64,请在命令中的'base64'之后指定'-d'。另请注意,文件base64.decoded.txt和base64.encoded.txt是文本文件。

linux命令:openssl base64 -in base64.decoded.txt -out base64.encoded.txt base64.encoded.txt -out base64.decoded.txt -in base64 openssl openssl base64 -in base64.decoded.txt -out base64.encoded.txtrootopen.com
linux命令:openssl base64 -in base64.decoded.txt -out base64.encoded.txt base64.encoded.txt -out base64.decoded.txt -in base64 openssl openssl base64 -in base64.decoded.txt -out base64.encoded.txtrootopen.com
.

对FreeBSD使用以下变体:openssl rand 6 | xxd -p | sed's / \(.. \)/ \ 1:/ g; S /:$ //”

linux命令:openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//' s/.$//' 's/\(..\)/\1:/g; sed | 6 -hex rand openssl openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'rootopen.com
linux命令:openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//' s/.$//' 's/\(..\)/\1:/g; sed | 6 -hex rand openssl openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'rootopen.com
.

linux命令:openssl pkcs12 -info -nodes -in /path/to/encryptedp12 > /path/to/asciip12 /path/to/asciip12 > /path/to/encryptedp12 -in -nodes -info pkcs12 openssl openssl pkcs12 -info -nodes -in /path/to/encryptedp12 > /path/to/asciip12rootopen.com
linux命令:openssl pkcs12 -info -nodes -in /path/to/encryptedp12 > /path/to/asciip12 /path/to/asciip12 > /path/to/encryptedp12 -in -nodes -info pkcs12 openssl openssl pkcs12 -info -nodes -in /path/to/encryptedp12 > /path/to/asciip12rootopen.com
.

当openssl已经安装时,无需安装另一个程序。 :-)

linux命令:openssl dgst -sha256 <<<"test" <<<"test" -sha256 dgst openssl openssl dgst -sha256 <<<"test"rootopen.com
linux命令:openssl dgst -sha256 <<<"test" <<<"test" -sha256 dgst openssl openssl dgst -sha256 <<<"test"rootopen.com
.

另一个选项是openssl。

linux命令:openssl base64 -d < file.txt > out out > file.txt < -d base64 openssl openssl base64 -d < file.txt > outrootopen.com
linux命令:openssl base64 -d < file.txt > out out > file.txt < -d base64 openssl openssl base64 -d < file.txt > outrootopen.com
.

测试弱SSL版本。

linux命令:openssl s_client -connect localhost:443 -ssl2 -ssl2 localhost:443 -connect s_client openssl openssl s_client -connect localhost:443 -ssl2rootopen.com
linux命令:openssl s_client -connect localhost:443 -ssl2 -ssl2 localhost:443 -connect s_client openssl openssl s_client -connect localhost:443 -ssl2rootopen.com
.

linux命令:openssl req -new -x509 -extensions v3_ca -days 1100 -subj "/C=CA/ST=CA/L=SomeCity/O=EXAMPLE Inc./OU=Web Services/CN=example.com/emailAddress=postmaster@example.com" -nodes -keyout web.key -out web.crt web.crt -out web.key -keyout -nodes Services/CN=example.com/emailAddress=postmaster@example.com" Inc./OU=Web "/C=CA/ST=CA/L=SomeCity/O=EXAMPLE -subj 1100 -days v3_ca -extensions -x509 -new req openssl openssl req -new -x509 -extensions v3_ca -days 1100 -subj "/C=CA/ST=CA/L=SomeCity/O=EXAMPLE Inc./OU=Web Services/CN=example.com/emailAddress=postmaster@example.com" -nodes -keyout web.key -out web.crtrootopen.com
linux命令:openssl req -new -x509 -extensions v3_ca -days 1100 -subj "/C=CA/ST=CA/L=SomeCity/O=EXAMPLE Inc./OU=Web Services/CN=example.com/emailAddress=postmaster@example.com" -nodes -keyout web.key -out web.crt web.crt -out web.key -keyout -nodes Services/CN=example.com/emailAddress=postmaster@example.com" Inc./OU=Web "/C=CA/ST=CA/L=SomeCity/O=EXAMPLE -subj 1100 -days v3_ca -extensions -x509 -new req openssl openssl req -new -x509 -extensions v3_ca -days 1100 -subj "/C=CA/ST=CA/L=SomeCity/O=EXAMPLE Inc./OU=Web Services/CN=example.com/emailAddress=postmaster@example.com" -nodes -keyout web.key -out web.crtrootopen.com
.
共收录0条命令行
这里是记录和分享命令行的地方, 所有命令行都可以进行评论、提交替代方案.

推荐
    热门命令