langui.sh » openssl

Parsing A CRL With OpenSSL

Paul Kehrer — Mon, 11 Jan 2010 02:29:47 +0000

Short and sweet. This command will give you a list of revoked serial numbers:

openssl crl -inform DER -text -noout -in mycrl.crl

Most CRLs are DER encoded, but you can use -inform PEM if your CRL is not binary. If you’re unsure if it is DER or PEM open it with a text editor. If you see —–BEGIN X509 CRL—– then it’s PEM and if you see strange binary-looking garbage characters it’s DER.

OpenSSL and IDN Certificates

Paul Kehrer — Sun, 03 Jan 2010 17:34:46 +0000

As internationalized domain names (IDN) proliferate more people need to test with, and ultimately purchase, IDN certificates. If you need to generate a CSR or even a self-signed certificate for an internationalized domain follow these steps:

Take the UTF-8 characters and paste them into a punycode converter (also known as ASCII compatible encoding, or ACE).
The resulting converted text will be a fairly long string that starts with “xn--”. Copy the entire thing.
Now run this command.

For CSR generation¹:

openssl req -new -nodes -out mycsr.csr -keyout mykey.pem -newkey rsa:2048

For self-signed certificate generation²:

openssl req -new -nodes -x509 -days 3650 -out mycert.cer -keyout mykey.pem -newkey rsa:2048

Either way, follow the prompts and when you reach Common Name paste the text you copied from the punycode converter. Now you can submit your CSR to a certification authority or install the self-signed certificate for testing.

We are generating a 2048-bit CSR ↩
This will generate a 10 year self-signed certificate. ↩

Find A Matching Certificate And Key Pair

Paul Kehrer — Mon, 09 Nov 2009 02:49:21 +0000

If you have a list of keys and SSL certs and don’t know which cert belongs with which key, here’s a script for you. It’s not efficient (nested for loop!), but it gets the job done quickly.¹

#!/bin/bash
for i in `ls *.key` 
do
key_mod=`openssl rsa -noout -in $i -modulus`
for j in `ls *.cer`
do
x509_mod=`openssl x509 -noout -in $j -modulus`
if [ "$x509_mod" == "$key_mod" ]; then
echo "$j matches $i"
fi 
done
done

If bash allowed multidimensional or associative arrays this would be trivial to optimize. ↩

Create A 2048-bit Key Via OpenSSL

Paul Kehrer — Sat, 31 Oct 2009 16:32:37 +0000

We are fast approaching the date where NIST has recommended that end entities stop utilizing 1024-bit private keys. OpenSSL, however, currently defaults to creating 1024-bit keypairs. To create a 2048-bit private key and corresponding CSR (which you can send to a certificate authority to obtain your SSL certificate):

openssl req -new -nodes -newkey rsa:2048 -keyout mydomain.key -out mydomain.csr

This command will make a 2048-bit key, run the interactive prompt to populate the fields of the certificate signing request, and leave the private key unencrypted (-nodes). You can remove -nodes if you wish, but encrypting the private key will require you to type the password every time you start an application (like apache) that uses it.

Check If A Certificate & Private Key Match

Paul Kehrer — Mon, 05 Oct 2009 14:52:30 +0000

Check if an SSL certificate and private key match in two simple commands. The OpenSSL commands below will require you to replace with your file’s name.

For your SSL certificate:¹

openssl x509 -noout -modulus -in <file> | md5sum

For your RSA private key:

openssl rsa -noout -modulus -in <file> | md5sum

The output of these commands should be identical. If it isn’t, your keys do not match.

The pipe to md5sum is solely to make the output shorter and easier to visually compare ↩

Using OpenSSL s_time

Paul Kehrer — Sat, 28 Mar 2009 20:28:28 +0000

Recently I needed to do some performance testing of an SSL instance on a VM. I considered using JMeter, but decided to use OpenSSL to get a rudimentary picture instead.

To obtain a basic result, we connect to the server and pull the /index.php file. You can specify whatever file you’d like to download, or none at all if you simply want to test connections.¹

openssl s_time -www /index.php -new -connect www.trustwave.com:443

Your result will look something like this:

No CIPHER specified
Collecting connection statistics for 30 seconds
ttttttttttttttttttttttttttttttttttttttttttttttttttttttttt
159 connections in 5.82s; 27.32 connections/user sec, bytes read 62328
159 connections in 31 real seconds, 392 bytes read per connection

If you’d like to get more specific with performance testing you can even use the -ciphers parameter to explicitly choose the negotiated cipher. You can obtain a list of available ciphers with “openssl ciphers”.

If you would prefer to reuse connections rather than create a new one for each request replace -new with -reuse. ↩

RSA Encryption and Signing

Paul Kehrer — Sun, 22 Mar 2009 04:02:51 +0000

OpenSSL provides several tools that allow you to RSA encrypt/sign arbitrary data files. Of course, directly RSA encrypting large volumes of data is impractical because the encrypted/signed data cannot exceed the size of the key material. This is one of the reasons why SSL connections typically handshake and then pass an AES (or RC4, et cetera) key to do symmetric encryption thereafter.¹

Generate a private key. You can change the last number to the preferred modulus size. Keys greater than 4096-bit will take a long time to generate.²

openssl genrsa -out private.pem 4096

With the private key we can now encrypt the data.

openssl rsautl -encrypt -inkey private.pem -in publicfile -out privatefile

To decrypt just reverse it.

openssl rsautl -decrypt -inkey private.pem -in privatefile -out publicfile

If you would rather sign the data…

openssl rsautl -sign -inkey private.pem -in filetosign -out signed_data

To verify the signature just use -verify.³

openssl rsautl -verify -inkey private.pem -in signed_data

Another big reason is speed. AES is much, much faster than RSA. ↩
If you attempt to encrypt or sign data larger than your key length allows, you will receive an error similar to this: 23465:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:rsa_pk1.c:151: ↩
You can also use -hexdump or -raw to view the data in those forms. ↩

Creating a PKCS7 (P7B) Using OpenSSL

Paul Kehrer — Fri, 20 Mar 2009 23:08:53 +0000

Continuing the howto nature of this blog (and its peculiar obsession with OpenSSL), here’s a primer on packaging an arbitrary number of certificates into a single PKCS7 container. These files are quite useful for installing multiple certificates on Windows servers. They differ from PKCS12 (PFX) files in that they can’t store private keys. If you need to generate a PKCS12 then head to that article instead.

This example assumes that you have 2 different certificate files, each in PEM (Base64) format. You can add as many -certfile elements as you want to package in the file. Additionally, concatenated certificate chains are supported. ¹

openssl crl2pkcs7 -nocrl -certfile cert1.cer -certfile cert2.cer -out outfile.p7b

If you wish to provide DER encoded input files (or have DER output) you can use the -inform DER or -outform DER directives. ↩

Checking A Remote Certificate Chain With OpenSSL

Paul Kehrer — Sat, 14 Mar 2009 15:26:13 +0000

If you deal with SSL/TLS long enough you will run into situations where you need to examine what certificates are being presented by a server to the client. The best way to examine the raw output is via (what else but) OpenSSL.¹

First let’s do a standard webserver connection (-showcerts dumps the PEM encoded certificates themselves for more extensive parsing if you desire. The output below snips them for readability.):

openssl s_client -showcerts -connect www.domain.com:443

CONNECTED(00000003)
--snip--
---
Certificate chain
 0 s:/C=US/ST=Texas/L=Carrollton/O=Woot Inc/CN=*.woot.com
   i:/C=US/O=SecureTrust Corporation/CN=SecureTrust CA
-----BEGIN CERTIFICATE-----
--snip--
-----END CERTIFICATE-----
 1 s:/C=US/O=SecureTrust Corporation/CN=SecureTrust CA
   i:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
-----BEGIN CERTIFICATE-----
--snip--
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=Texas/L=Carrollton/O=Woot Inc/CN=*.woot.com
issuer=/C=US/O=SecureTrust Corporation/CN=SecureTrust CA
---
No client certificate CA names sent
---
SSL handshake has read 2123 bytes and written 300 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
--snip--

There’s a lot of data here so I have truncated several sections to increase readability. Points of interest:

The certificate chain consists of two certificates. At level 0 there is the server certificate with some parsed information. s: is the subject line of the certificate and i: contains information about the issuing CA.
This particular server (www.woot.com) has sent an intermediate certificate as well. Subject and issuer information is provided for each certificate in the presented chain. Chains can be much longer than 2 certificates in length.
The server certificate section is a duplicate of level 0 in the chain. If you’re only looking for the end entity certificate then you can rapidly find it by looking for this section.
No client certificate CAs were sent. If the server was configured to potentially accept client certs the returned data would include a list of “acceptable client CAs”.
Connection was made via TLSv1/SSLv3 and the chosen cipher was RC4-MD5. Incidentally, this typically means that the server you’re connecting to is IIS.

But what if you want to connect to something other than a bog standard webserver on port 443? Well, if you need to use starttls that is also available. As of OpenSSL 0.9.8 you can choose from smtp, pop3, imap, and ftp as starttls options.

openssl s_client -showcerts -starttls imap -connect mail.domain.com:139

If you need to check using a specific SSL version (perhaps to verify if that method is available) you can do that as well. -ssl2, -ssl3, -tls1, and -dtls1 are all choices here.²

openssl s_client -showcerts -ssl2 -connect www.domain.com:443

You can also present a client certificate if you are attempting to debug issues with a connection that requires one.³

openssl s_client -showcerts -cert cert.cer -key cert.key -connect www.domain.com:443

And for those who really enjoy playing with SSL handshakes, you can even specify acceptable ciphers.⁴

openssl s_client -showcerts -cipher DHE-RSA-AES256-SHA -connect www.domain.com:443

The cipher used above should work for almost any Apache server, but will fail on IIS since it doesn’t support 256-bit AES encryption.

The s_client command we’re using opens an interactive socket and does not automatically return to the shell prompt, so remember you will have to hit control-c or type something and hit return to terminate the process. ↩
This example shows an attempted SSLv2 only connection. SSLv2 should be disabled on any web server you control. It has a variety of flaws and has been superseded by SSLv3/TLSv1 for over a decade. ↩
This example expects the certificate and private key in PEM form. You can provide them in DER if you add -certform DER and -keyform DER (OpenSSL 0.9.8 or newer only) ↩
A list of available ciphers can be found by typing “openssl ciphers”, but there are also myriad ways to sort by type and strength. See the ciphers man page for more details. ↩

Re-Signing An Expired CA Certificate

Paul Kehrer — Fri, 06 Mar 2009 04:24:25 +0000

On rare occasions you may find yourself with a self-signed internal CA that has expired while you are still using certificates issued from the CA. One potential solution to this problem is to self-sign a new cert with identical fields using the private key from the old certificate.¹

You can fill in almost all the fields using the interactive prompt, but to ensure maximum compatibility be sure every field matches exactly. You will also need to set the serial number of the certificate via the -set_serial parameter (openssl takes this argument in decimal form, not hex)².

openssl req -new -x509 -key previousprivatekey.pem -set_serial 0000 -out newroot.cer

You now have a new root certificate that will work with your previously issued certificates!

In general this is very bad practice, but this article presupposes that you recognize this and it is still necessary. ↩
If you fail to set the serial identically Microsoft OSes will chain the certificate correctly but OpenSSL will fail. ↩