Differences

This shows you the differences between two versions of the page.

--- пакет_openssl [2024/05/02 08:46]
val [Цифровая подпись]
+++ пакет_openssl [2024/05/08 16:20]
val [Создание параметра DH]
@@ Line 16: / Line 16: @@
 <code>
 $ openssl s_client -connect ru.wikipedia.org:443
-$ openssl s_client -CApath /etc/ssl/certs/ -showcerts -connect student.bmstu.ru:443
 $ openssl s_client -showcerts -connect webinar6.bmstu.ru:443 2>/dev/null | openssl x509 -noout -dates #-text | grep bmstu
@@ Line 23: / Line 21: @@
 $ faketime -f "+500d" wget -q -O /dev/null https://webinar7.bmstu.ru && echo Ok || echo Err
-$ openssl s_client -CApath /etc/ssl/certs/ -starttls smtp -crlf -connect mailhub.bmstu.ru:25
+$ openssl s_client -starttls smtp -crlf -connect mailhub.bmstu.ru:25
-$ openssl s_client -cert user1.crt -key user1.key -connect www.corpX.un:443
+lan# openssl s_client -cert user1.crt -key user1.key -connect www.corpX.un:443
 </code><code>
 GET /cgi-bin/test-cgi HTTP/1.1
 Host: www.corpX.un
 </code><code>
-$ openssl s_client -cert user1.crt -key user1.key -connect server.corpX.un:993
+lan# openssl s_client -cert user1.crt -key user1.key -connect server.corpX.un:993
 </code><code>
 AUTHENTICATE EXTERNAL =
@@ Line 52: / Line 50: @@
 user1@server:~$ scp key.public user2@www:
-student@lan:~$ ftp student@server
+student@lan:~$ ftp-upload -h server -u student --password xxxxxxxx -v key.public
 </code>
@@ Line 62: / Line 60: @@
 user2@www:~$ scp data.enc user1@server:
-student@lan:~$ ftp student@server
+student@lan:~$ curl -v -o data.enc ftp://student:xxxxxxxx@server/data.enc
 student@lan:~$ openssl pkeyutl -decrypt -inkey key.private < data.enc | tee data.txt
@@ Line 74: / Line 72: @@
 user1@server:~$ scp data.* user2@www:
-student@lan:~$ ftp student@server
+student@lan:~$ ftp-upload -h server -u student --password password -v data*
 student@server:~$
@@ Line 83: / Line 81: @@
 <code>
 # time openssl dhparam -out /etc/openvpn/dh2048.pem 2048
-real    0m24.676s
+...
+real    2m6.588s
+...
 </code>
@@ Line 93: / Line 93: @@
 server# openssl genrsa -out server.key 2048
-server# chmod 400 server.key
+server# ###chmod 400 server.key
 </code>
@@ Line 139: / Line 139: @@
 ==== Debian ====
 <code>
+# wget http://lan.corpX.un/ca.crt
+# cp ca.crt /usr/local/share/ca-certificates/
 server# cp corpX-PDC-CA.crt /usr/local/share/ca-certificates/
@@ Line 153: / Line 157: @@
 # wget -O - https://www.corpX.un
+</code>
+==== CentOS/AlmaLinux ====
+<code>
+# yum install ca-certificates
+# update-ca-trust force-enable
+# wget http://lan.corp13.un/ca.crt
+# cp ca.crt /etc/pki/ca-trust/source/anchors/
+# update-ca-trust extract
+# wget -O - https://www.corp13.un
 </code>
@@ Line 178: / Line 197: @@
 ==== Настройка атрибутов базы CA в конфигурации ssl ====
+  * [[https://unix.stackexchange.com/questions/313216/openssl-sign-requests-with-extensions|OpenSSL sign requests with extensions]]
 <code>
 lan# cat /etc/ssl/openssl.cnf
@@ Line 185: / Line 207: @@
 dir           = /root/CA
 ...
+#unique_subject = no
+...
+copy_extensions = copy
+...
 certificate   = /var/www/html/ca.crt
 crl           = /var/www/html/ca.crl
 private_key   = $dir/ca.key
@@ Line 365: / Line 387: @@
 Email Address [noc@corpX.un]:user1@corpX.un
 ...
+</code>
+ИЛИ
+<code>
+$ openssl req -new -key user1.key -out user1.req -subj '/C=RU/ST=Moscow region/L=Moscow/O=cko/OU=group1/CN=user1/emailAddress=user1@corpX.un/'
 </code>
@@ Line 382: / Line 408: @@
 <code>
 $ openssl pkcs12 -export -in user1.crt -inkey user1.key -out user1.p12 -passout pass:ppassword1
+openssl3# openssl pkcs12 -legacy -export -in user1.crt -inkey user1.key -out user1.p12 -passout pass:ppassword1
 $ openssl pkcs12 -info -in user1.p12
@@ Line 395: / Line 422: @@
 lan# openssl ca -gencrl -out /var/www/html/ca.crl
+lan# openssl crl -text -noout -in /var/www/html/ca.crl | less
+...
+    Serial Number: 0M
+...
+    Serial Number: 0N
+...
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools