Context Navigation

Changes between Version 5 and Version 6 of IamProjectCerts

Timestamp:: 09/28/11 10:38:13 (13 years ago)
Author:: jpmitchell@…
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

IamProjectCerts

-                      v5
+                      v6
 * Quick SSL Cert Check How To:
+. Get subject, issuer, and expiration date from a server.
 {{{
 john@fearless:~$ openssl s_client -host idp.alaska.edu -port 443 2>&1 | openssl x509 -subject -issuer -enddate | head -n 3
 …
 issuer= /C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
 notAfter=Sep 11 23:59:59 2013 GMT
-^C
 }}}
+. Verify certificate chain with CA root public cert:
+{{{
+john@fearless:~$ openssl s_client -CAfile /home/john/Desktop/AddTrustExternalCARoot.crt -showcerts -verify 5 -host idp.alaska.edu -port 443
+verify depth is 5
+CONNECTED(00000003)
+depth=2 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
+verify return:1
+depth=1 /C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
+verify return:1
+depth=0 /C=US/ST=AK/L=Fairbanks/O=University of Alaska Statewide System/OU=OIT Identity and Access Management/CN=idp.alaska.edu
+verify return:1
+---
+Certificate chain
+s:/C=US/ST=AK/L=Fairbanks/O=University of Alaska Statewide System/OU=OIT Identity and Access Management/CN=idp.alaska.edu
+   i:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
+-----BEGIN CERTIFICATE-----
+MIIFLjCCBBagAwIBAgIRAL7m1JR/Jf3um7I+F/71p7wwDQYJKoZIhvcNAQEFBQAw
+UTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5D
+b21tb24xGzAZBgNVBAMTEkluQ29tbW9uIFNlcnZlciBDQTAeFw0xMTA5MTIwMDAw
+MDBaFw0xMzA5MTEyMzU5NTlaMIGkMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQUsx
+EjAQBgNVBAcTCUZhaXJiYW5rczEuMCwGA1UEChMlVW5pdmVyc2l0eSBvZiBBbGFz
+a2EgU3RhdGV3aWRlIFN5c3RlbTErMCkGA1UECxMiT0lUIElkZW50aXR5IGFuZCBB
+Y2Nlc3MgTWFuYWdlbWVudDEXMBUGA1UEAxMOaWRwLmFsYXNrYS5lZHUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFJjT7PCqiV9QFBb1ba/CSLhJssdA9
+KNRVoYX1U5Y6v00RwGMD2tcNsf19atF6wQm4yOfd8LODYtE4ol8Z+K0QJyTrxYFK
+raWhoBvIvGK63KFNoJXqZkFWlKGx7ZQF6iln5hKfewg///U88p0Jk+ABj25h+kn
+JWFLi4QfFRWBH1+TljJ7b8KrVd3cLEMSDXwJ4u+55sPir+2z35BnDiTEPSFZvkeW
+ZmPkt7MvogpuE0wrW+j9bP1XHUBlirgwuk4fsojDje8ith2IjVhgJvDOpEqWdHKk
+uySVBNZq2H+MCiyZkc1LOXGoZPGGJV/J3xtfd8P/NnEHqzNiPU4D3B7lAgMBAAGj
+ggGrMIIBpzAfBgNVHSMEGDAWgBRIT1r6L0qaXuBQ82t7VaXe9b40XTAdBgNVHQ4E
+FgQUuJn+DjbTLCmjkKczw6S1uR0kEj4wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
+/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMF0GA1UdIARWMFQw
+UgYMKwYBBAGuIwEEAwEBMEIwQAYIKwYBBQUHAgEWNGh0dHBzOi8vd3d3LmluY29t
+bW9uLm9yZy9jZXJ0L3JlcG9zaXRvcnkvY3BzX3NzbC5wZGYwPQYDVR0fBDYwNDAy
+oDCgLoYsaHR0cDovL2NybC5pbmNvbW1vbi5vcmcvSW5Db21tb25TZXJ2ZXJDQS5j
+cmwwbwYIKwYBBQUHAQEEYzBhMDkGCCsGAQUFBzAChi1odHRwOi8vY2VydC5pbmNv
+bW1vbi5vcmcvSW5Db21tb25TZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6
+Ly9vY3NwLmluY29tbW9uLm9yZzAZBgNVHREEEjAQgg5pZHAuYWxhc2thLmVkdTAN
+BgkqhkiG9w0BAQUFAAOCAQEANBzYIHpPnRIOxQsBfAgUxYKao91pQJ9GlWouZuco
+qHekBVVjsaXTpNPd2iXAa27seBbi8sX9GW08Rp/mZHEwFGs/Dt0IdTZ9+I5YAQAb
+j7IDUEIxqC4w5KS3iQEBELfVwKRT77QNz3HPA9igGzNzXK0C1SCMNaifc1rCdq
+zqqgmZ8tiOYGgGIL1uT2hXDK5vNlT7vHo5RsQQUAC2mfT5X8byoeB6ZMGg7nFZa
+JrELkNrkeEwkKJiK+57h39vAVuYcchTYZG8fy0A7RZOrl5u16N2aPTIt+vbh4kc7
+rnuM0XiHDr2OEbFZfjtVP9duJKGpDaQCOfOJQI1kG6cRg==
+-----END CERTIFICATE-----
+s:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
+   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
+-----BEGIN CERTIFICATE-----
+MIIEwzCCA6ugAwIBAgIQf3HB06ImsNKxE/PmgWdkPjANBgkqhkiG9w0BAQUFADBv
+MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
+ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
+eHRlcm5hbCBDQSBSb290MB4XDTEwMTIwNzAwMDAwMFoXDTIwMDUzMDEwNDgzOFow
+UTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5D
+b21tb24xGzAZBgNVBAMTEkluQ29tbW9uIFNlcnZlciBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAJd8x8j+s+kgaqOkT46ONFYGs3psqhCbSGErNpBp
+zQKR6e7e96qavvrgpWPyh1/r3WmqEzaIGdhGg2GwcrBh6+sTuTeYhsvnbGYr8YB
++xdw26wUWexvPzN/ppgL5OI4r/V/hW0OdASd9ieGx5uP53EqCPQDAkBjJH1AV49U
+FR+thNIYfHezg69tvpNmLLZDY15puCqzQyRmqXfq3O7yhR4XEcpocrFup/H2mD3
+/+d/8tnaoS0PSRan0wCSz4pH2U341ZVm03T5gGMAT0yEFh+z9SQfoU7e6JXWsgsJ
+iyxrx1wvjGPJmctSsWJ7cwFif2Ns2Gig7mqojR8p89AYrK0CAwEAAaOCAXcwggFz
+MB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBRIT1r6
+L0qaXuBQ82t7VaXe9b40XTAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
+/wIBADARBgNVHSAECjAIMAYGBFUdIAAwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDov
+L2NybC51c2VydHJ1c3QuY29tL0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMIGz
+BggrBgEFBQcBAQSBpjCBozA/BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1
+c3QuY29tL0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QucDdjMDkGCCsGAQUFBzAChi1o
+dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RVVE5TR0NDQS5jcnQwJQYI
+KwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEF
+BQADggEBAJNmIYB0RYVLwqvOMrAp/t3f1iRbvwNqb1A+DhuzDYijW+7EpBI7Vu8G
+f89/IZVWO0Ex/uGqk9KV85UNPEerylwmrT7x+Yw0bhG+9GfjAkn5pnx7ZCXdF0by
+UOPjCiE6SSTNxoRlaGdosEUtR5nNnKuGKRFy3NacNkN089SXnlag/l9AWNLV1358
+xY4asgRckmYOha0uBs7Io9jrFCeR3s8XMIFTtmYSrTfk9e+WXCAONumsYn0ZgYr1
+kGGmSavOPN/mymTugmU5RZUWukEGAJi6DFZh5MbGhgHPZqkiKQLWPc/EKo2Z3vsJ
+FJ4O0dXG14HdrSSrrAcF4h1ow3BmX9M=
+-----END CERTIFICATE-----
+s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
+   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----
+---
+Server certificate
+subject=/C=US/ST=AK/L=Fairbanks/O=University of Alaska Statewide System/OU=OIT Identity and Access Management/CN=idp.alaska.edu
+issuer=/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
+---
+No client certificate CA names sent
+---
+SSL handshake has read 4348 bytes and written 279 bytes
+---
+New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
+Server public key is 2048 bit
+Secure Renegotiation IS supported
+Compression: NONE
+Expansion: NONE
+SSL-Session:
+    Protocol  : TLSv1
+    Cipher    : EDH-RSA-DES-CBC3-SHA
+    Session-ID: 4E8368600B06F46B5B2E80574C2AF7B4987EF977A950D0A515EBF6CE4EA5E4F2
+    Session-ID-ctx:
+    Master-Key: 18E20D11AD058288CCD57C0F77F0349442426F8880F112E596E65A3F84FCEAD90C0991EEC9EA2DF8ABA0BAC93F2E9FD0
+    Key-Arg   : None
+    Start Time: 1317234784
+    Timeout   : 300 (sec)
+    Verify return code: 0 (ok)
+---
+}}}