Posted by Paul Kehrer on October 5, 2009
Check if an SSL certificate and private key match in two simple commands. The OpenSSL commands below will require you to replace <file> with your file’s name. For your SSL certificate: openssl x509 -noout -modulus -in <file> | md5sum For your RSA private key: openssl rsa -noout -modulus -in <file> | md5sum The output of [...]
Posted by Paul Kehrer on April 12, 2009
If you’re running a Microsoft CA and you want to be able to accept enrollment requests from clients supporting keygen (Firefox, Safari, Opera, et cetera) you’ve probably found that the /certsrv/ page allows enrollment, but the requests fail when you attempt to issue the certificate. This is because the server is not parsing the subject [...]
Posted by Paul Kehrer on March 28, 2009
Recently I needed to do some performance testing of an SSL instance on a VM. I considered using JMeter, but decided to use OpenSSL to get a rudimentary picture instead. To obtain a basic result, we connect to the server and pull the /index.php file. You can specify whatever file you’d like to download, or [...]
Posted by Paul Kehrer on March 21, 2009
OpenSSL provides several tools that allow you to RSA encrypt/sign arbitrary data files. Of course, directly RSA encrypting large volumes of data is impractical because the encrypted/signed data cannot exceed the size of the key material. This is one of the reasons why SSL connections typically handshake and then pass an AES (or RC4, et [...]
Posted by Paul Kehrer on March 20, 2009
Continuing the how-to nature of this blog (and its peculiar obsession with OpenSSL), here’s a primer on packaging an arbitrary number of certificates into a single PKCS7 container. These files are quite useful for installing multiple certificates on Windows servers. They differ from PKCS12 (PFX) files in that they can’t store private keys. If you [...]
Posted by Paul Kehrer on March 14, 2009
If you deal with SSL/TLS long enough you will run into situations where you need to examine what certificates are being presented by a server to the client. The best way to examine the raw output is via (what else but) OpenSSL. First let’s do a standard webserver connection (-showcerts dumps the PEM encoded certificates [...]