@olih
Last active December 21, 2023 10:10

SSL cheatsheet

Encrypt a file with a password (AES-128, base64 output)

alias enc='openssl enc -e -aes128 -base64 -pass "env:PASS"'

Decrypt a file with a password

alias dec='openssl enc -d -aes128 -base64 -pass "env:PASS"'

Check client certificate

openssl pkcs12 -info -in client.p12

Check Java truststore

keytool -list -keystore client.jks -storepass changeit;

Check certificate authority

openssl x509 -inform PEM -in ca.pem -text -out certdata; cat certdata;

Create certificate and key files for Node.js

sslnode() { openssl pkcs12 -nodes -nokeys -clcerts -in "$1" -out cert.pem; openssl pkcs12 -nodes -nocerts -clcerts -in "$1" -out key.pem; }
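
A hardened variant of the sslnode function above, added here as an example and not part of the original gist: it reads the PKCS#12 password from an environment variable, forces owner-only permissions on the extracted key, and removes partial output on failure. The names sslnode_safe and P12_PASS and the optional output-directory argument are assumptions made for this example.

```shell
# Added example, not part of the original gist: hardened variant of sslnode().
# Assumed names (not on the page): sslnode_safe, P12_PASS, and the optional
# output-directory argument.
# Usage: export P12_PASS='...'; sslnode_safe client.p12 [outdir]
sslnode_safe() (
  # The ( ... ) body runs in a subshell, so umask and variables stay local.
  p12=$1
  outdir=${2:-.}
  [ -r "$p12" ] || { echo "cannot read PKCS#12 file: $p12" >&2; exit 1; }
  # env:VAR keeps the password out of the argument list visible in ps.
  [ -n "${P12_PASS+set}" ] || { echo "export P12_PASS first" >&2; exit 1; }

  # Files created from here on are 0600 (directories 0700), whatever the
  # caller's umask or the OpenSSL version in use.
  umask 077
  mkdir -p "$outdir" || exit 1
  # Remove stale copies so old, looser file modes are not inherited.
  rm -f "$outdir/cert.pem" "$outdir/key.pem"

  # First call: client certificate only (-nokeys -clcerts), as in sslnode.
  # Second call: private key only (-nocerts); -nodes leaves it unencrypted
  # on disk, which is why the file mode matters.
  if openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
         -out "$outdir/cert.pem" &&
     openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
         -out "$outdir/key.pem"
  then
    exit 0
  fi
  # Wrong password or damaged file: leave no partial output behind.
  rm -f "$outdir/cert.pem" "$outdir/key.pem"
  exit 1
)
```
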

Generate a random password

openssl rand -base64 32

If you get the error "unable to write 'random state'", which refers to the default seeding file, just delete it:

sudo rm ~/.rnd

Generate unique id

uuidgen

Or for a 10-character id in hexadecimal:

openssl rand -hex 5   # 5 random bytes = 10 hex characters

Alternatively, for an 8-character base64 id:

openssl rand -base64 6

Or to generate an n-character id:

genid() { openssl rand -base64 40 | cut -c1-"$1"; }
genid 15

curl: (60) SSL certificate problem

Reason: The website called by curl relies on a certificate authority that curl does not trust.

In practice: if you are calling a website with a custom CA certificate, you need to download that CA certificate (ca.pem).

curl: (56) SSL read

Reason: The website called by curl expects you to provide an SSL client certificate.

In practice: it should be your client certificate exported from Firefox in .p12 format. Also check that ${userHome}/.curlrc contains a line starting with cert.

java.io.IOException: keystore password was incorrect

Reason: The password for your SSL client certificate is incorrect.

In practice: you can export your client certificate in .p12 format from Firefox. See Advanced/Certificates/Backup in the Firefox preferences.

Uncaught exception: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

Reason: The SSL connection is untrusted because the name in the SSL server certificate differs from the host name in the URL called.