Last active
February 18, 2024 23:48
-
-
Save guerzon/fe60c5345cf01ad223441c1d4e95e08b to your computer and use it in GitHub Desktop.
Useful OpenSSL comands for testing, troubleshooting, and information gathering
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Test an SSL connection | |
| openssl s_client -connect <IP>:<PORT> | |
| # Test if SSLv3 is supported | |
| # Expected result if TLSv1.0 is not supported: ssl handshake failure | |
| openssl s_client -connect <IP>:<PORT> -ssl3 | |
| # Test if TLSv1.0 is supported | |
| # Expected result if TLSv1.0 is not supported: ssl handshake failure | |
| openssl s_client -connect <IP>:<PORT> -tls1 | |
| # Test if TLSv1.1 is supported | |
| # Expected result if TLSv1.1 is not supported: ssl handshake failure | |
| openssl s_client -connect <IP>:<PORT> -tls1_1 | |
| # Test StartTLS connection to an email server | |
| openssl s_client -starttls smtp -crlf -connect <smtp_server_ip>:<PORT> | |
| # Display the SSL certificates chain | |
| openssl s_client -showcerts -connect <IP>:<PORT> </dev/null | |
| # Generate a self-signed certificate | |
| openssl req -new -sha256 -nodes \ | |
| -keyout self.pem -out self.csr \ | |
| -subj "/C=DE/ST=Bavaria/L=Munich/O=MyCompany/OU=MyDept/CN=server.lcl" | |
| openssl x509 -in self.csr \ | |
| -out self.crt -req \ | |
| -signkey self.pem -days 731 | |
| # simulate an expired, self-signed SSL certificate: | |
| faketime 'last Friday 5 pm' /bin/bash -c 'openssl x509 -in self.csr -out self.crt -req -signkey self.pem -days 2' | |
| # Verify the certificate contents | |
| openssl x509 -text -noout -in self.crt |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment