From 4a9beba7c17ae315880fbf69479dac926259c2e9 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 9 Jul 2018 11:43:21 +0200 Subject: [PATCH] added new one-liners, minor fixes - signed-off-by: trimstray --- README.md | 134 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 133 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b44d637..52175e8 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ Awesome - Status @@ -275,6 +275,7 @@ performance of any of your sites from across the globe.
* [screen](#tool-screen) * [du](#tool-du) * [inotifywait](#tool-inotifywait) + * [openssl](#tool-openssl) - **[HTTP/HTTPS](#http-https)** * [curl](#tool-curl) * [httpie](#tool-httpie) @@ -559,6 +560,124 @@ du | sort -r -n | awk '{split("K M G",v); s=1; while($1>1024){$1/=1024; s++} pri while true ; do inotifywait -r -e MODIFY dir/ && ls dir/ ; done; ``` +##### Tool: [openssl](https://www.openssl.org/) + +###### Testing connection to remote host + +```bash +echo | openssl s_client -connect google.com:443 -showcerts +``` + +###### Testing connection to remote host with specific ssl version + +```bash +openssl s_client -tls1_2 -connect google.com:443 +``` + +###### Testing connection to remote host with specific ssl cipher + +```bash +openssl s_client -cipher 'AES128-SHA' -connect google.com:443 +``` + +###### Generate private key + +```bash +# _ciph: des3, aes +( _ciph="des3" ; _fd="private.key" ; _len="2048" ; \ +openssl genrsa -${_ciph} -out ${_fd} ${_len} ) +``` + +###### Remove password from private key + +```bash +( _fd="private.key" ; _fd_unp="private_unp.key" ; \ +openssl rsa -in ${_fd} -out ${_fd_unp} ) +``` + +###### Get public key from private key + +```bash +( _fd="private.key" ; _fd_pub="public.key" ; \ +openssl rsa -pubout -in ${_fd} -out ${_fd_pub} ) +``` + +###### Generate private key + csr + +```bash +( _fd="private.key" ; _fd_csr="request.csr" ; _len="2048" ; \ +openssl req -out ${_fd_csr} -new -newkey rsa:${_len} -nodes -keyout ${_fd} ) +``` + +###### Generate csr + +```bash +( _fd="private.key" ; _fd_csr="request.csr" ; \ +openssl req -out ${_fd_csr} -new -key ${_fd} ) +``` + +###### Generate csr (metadata from exist certificate) + +```bash +( _fd="private.key" ; _fd_csr="request.csr" ; _fd_crt="cert.crt" ; \ +openssl x509 -x509toreq -in ${_fd_crt} -out ${_fd_csr} -signkey ${_fd} ) +``` + +###### Generate csr with -config param + +```bash +( _fd="private.key" ; _fd_csr="request.csr" ; \ +openssl req -new -sha256 -key ${_fd} -out ${_fd_csr} \ +-config <( +cat <<-EOF +[req] +default_bits = 2048 +prompt = no +default_md = sha256 +req_extensions = req_ext +distinguished_name = dn + +[ dn ] +C= +ST= +L= +O= +OU=
+CN= + +[ req_ext ] +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = +DNS.2 = +DNS.3 = +EOF +)) +``` + +###### Checking whether the private key and the certificate match + +```bash +(openssl rsa -noout -modulus -in private.key | openssl md5 ; openssl x509 -noout -modulus -in certificate.crt | openssl md5) | uniq +``` + +___ + +##### Tool: [gnutls-cli](https://gnutls.org/manual/html_node/gnutls_002dcli-Invocation.html) + +###### Testing connection to remote host (with sni) + +```bash +gnutls-cli -p 443 google.com +``` + +###### Testing connection to remote host (without sni) + +```bash +gnutls-cli --disable-sni -p 443 google.com +``` + HTTP/HTTPS ##### Tool: [curl](https://curl.haxx.se) @@ -639,6 +758,12 @@ __EOF__ ssh host -l user $(