openssl - generate self-signed certificate for server & client and client authentication
$ openssl req -new -x509 -out ./cacert.pem -days 1200
Generating a 2048 bit RSA private key
...........................................................................................+++
....+++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Karnataka
Locality Name (eg, city) [Default City]:Bangalore
Organization Name (eg, company) [Default Company Ltd]:freelance
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:blogspot.in
Email Address []:test@blogspot
$ ls -l
-rw-rw-r-- 1 arun arun 1415 Aug 4 13:00 cacert.pem
-rw-rw-r-- 1 arun arun 1834 Aug 4 13:00 privkey.pem
$ openssl req -new -out srvcert.csr
Generating a 2048 bit RSA private key
....................+++
.......+++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TamilNadu
Locality Name (eg, city) [Default City]:Chennai
Organization Name (eg, company) [Default Company Ltd]:consultant
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:freelance
Email Address []:test@freelance
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test
An optional company name []:
Generating a 2048 bit RSA private key
.................+++
..................................................................................................................................................................+++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Kerala
Locality Name (eg, city) [Default City]:Cochin
Organization Name (eg, company) [Default Company Ltd]:freelance
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:bluetech
Email Address []:test@bluetech
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test
An optional company name []:
[arun@ clientcert]$
[arun@ clientcert]$ ls -l
total 8
-rw-rw-r-- 1 arun arun 1070 Aug 4 13:16 clientcert.csr
-rw-rw-r-- 1 arun arun 1834 Aug 4 13:16 privkey.pem
[arun@ srvcert]$ openssl x509 -req -CA ../cacert/cacert.pem -CAcreateserial -CAserial ../cacert/caserial.txt -CAkey ../cacert/privkey.pem -days 1200 -in ./srvcert.csr -out ./srvcert.signed.cert
Signature ok
subject=/C=IN/ST=TamilNadu/L=Chennai/O=consultant/OU=IT/CN=freelance/emailAddress=test@freelance
Getting CA Private Key
Enter pass phrase for ../cacert/privkey.pem:
[arun@ clientcert]$ openssl x509 -req -CA ../cacert/cacert.pem -CAcreateserial -CAserial ../cacert/caserial.txt -CAkey ../cacert/privkey.pem -days 1200 -in ./clientcert.csr -out ./clientcert.signed.cert
Signature ok
subject=/C=IN/ST=Kerala/L=Cochin/O=freelance/OU=IT/CN=bluetech/emailAddress=test@bluetech
Getting CA Private Key
Enter pass phrase for ../cacert/privkey.pem:
[arun@ srvcert]$ openssl s_server -CAfile ../cacert/cacert.pem -cert ./srvcert.signed.cert -key ./privkey.pem -WWW -Verify ../clientcert/clientcert.signed.cert -verify_return_error
verify depth is 0, must return a certificate
Enter pass phrase for ./privkey.pem:
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
depth=0 C = IN, ST = Andra, L = Hyderabad, O = somesoft, OU = IT, CN = somesoft, emailAddress = user@somesoft
verify error:num=18:self signed certificate
verify return:0
140506713479032:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:3360:
ACCEPT
depth=1 C = IN, ST = Karnataka, L = Bangalore, O = freelance, OU = IT, CN = blogspot.in, emailAddress = test@blogspot
verify return:1
depth=0 C = US, ST = California, L = SanJose, O = somecomp, OU = IT, CN = testuser, emailAddress = testuser@somecomp
verify return:1
ACCEPT
depth=1 C = IN, ST = Karnataka, L = Bangalore, O = freelance, OU = IT, CN = blogspot.in, emailAddress = test@blogspot
verify return:1
depth=0 C = IN, ST = Kerala, L = Cochin, O = freelance, OU = IT, CN = bluetech, emailAddress = test@bluetech
verify return:1
ACCEPT
depth=1 C = IN, ST = Karnataka, L = Bangalore, O = freelance, OU = IT, CN = blogspot.in, emailAddress = test@blogspot
verify return:1
depth=0 C = IN, ST = Kerala, L = Cochin, O = freelance, OU = IT, CN = bluetech, emailAddress = test@bluetech
verify return:1
ACCEPT
depth=1 C = IN, ST = Karnataka, L = Bangalore, O = freelance, OU = IT, CN = blogspot.in, emailAddress = test@blogspot
verify return:1
depth=0 C = IN, ST = Kerala, L = Cochin, O = freelance, OU = IT, CN = bluetech, emailAddress = test@bluetech
verify return:1
ACCEPT
depth=0 C = IN, ST = Andra, L = Hyderabad, O = somesoft, OU = IT, CN = somesoft, emailAddress = user@somesoft
verify error:num=18:self signed certificate
verify return:0
140506713479032:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:3360:
ACCEPT
[arun@ clientcert]$ openssl s_client -cert ./clientcert.signed.cert -key ./privkey.pem -CAfile ../cacert/cacert.pem
Enter pass phrase for ./privkey.pem:
CONNECTED(00000003)
depth=1 C = IN, ST = Karnataka, L = Bangalore, O = freelance, OU = IT, CN = blogspot.in, emailAddress = test@blogspot
verify return:1
depth=0 C = IN, ST = TamilNadu, L = Chennai, O = consultant, OU = IT, CN = freelance, emailAddress = test@freelance
verify return:1
---
Certificate chain
0 s:/C=IN/ST=TamilNadu/L=Chennai/O=consultant/OU=IT/CN=freelance/emailAddress=test@freelance
i:/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
1 s:/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
i:/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
---
Server certificate
subject=/C=IN/ST=TamilNadu/L=Chennai/O=consultant/OU=IT/CN=freelance/emailAddress=test@freelance
issuer=/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
---
Acceptable client certificate CA names
/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3680 bytes and written 2532 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 161D5C7007A42B926E3F0157FF6AD02E94CAE021741E826FD707520DE93A78B9
Session-ID-ctx:
Master-Key: EA74189909BA6DCF8DBB5D0492D7CCADD5AC62AA22E1C15E9036F31A2027ECB3D3C2C27A6708DC6AF413C68AD99C2186
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1438677661
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
^C
[arun@ clientcert]$
[arun@ clientcert]$ openssl s_client -cert ./clientcert.signed.cert -key ./privkey.pem -CAfile ../cacert/cacert.pem
Enter pass phrase for ./privkey.pem:
CONNECTED(00000003)
depth=1 C = IN, ST = Karnataka, L = Bangalore, O = freelance, OU = IT, CN = blogspot.in, emailAddress = test@blogspot
verify return:1
depth=0 C = IN, ST = TamilNadu, L = Chennai, O = consultant, OU = IT, CN = freelance, emailAddress = test@freelance
verify return:1
---
Certificate chain
0 s:/C=IN/ST=TamilNadu/L=Chennai/O=consultant/OU=IT/CN=freelance/emailAddress=test@freelance
i:/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
1 s:/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
i:/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
---
Server certificate
subject=/C=IN/ST=TamilNadu/L=Chennai/O=consultant/OU=IT/CN=freelance/emailAddress=test@freelance
issuer=/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
---
Acceptable client certificate CA names
/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3680 bytes and written 2532 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 3634377EF66AF690C9F2E2CCBC38664C1D73CDC75E7A81851A7B59B39352C59A
Session-ID-ctx:
Master-Key: C958F7CA0D2A66DFF765261965EBE821A68B1782DAB1438DD38A62B78254F85BA9A4A24A1A626F5BB67578567F58FA50
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1438677680
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
^C
[arun@ clientcert]$
[arun@ selfcert]$
[arun@ selfcert]$ openssl s_client -cert ./selfcert.pem -key ./privkey.pem -CAfile ../cacert/cacert.pem
Enter pass phrase for ./privkey.pem:
CONNECTED(00000003)
depth=1 C = IN, ST = Karnataka, L = Bangalore, O = freelance, OU = IT, CN = blogspot.in, emailAddress = test@blogspot
verify return:1
depth=0 C = IN, ST = TamilNadu, L = Chennai, O = consultant, OU = IT, CN = freelance, emailAddress = test@freelance
verify return:1
139821023172472:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1293:SSL alert number 48
139821023172472:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
Certificate chain
0 s:/C=IN/ST=TamilNadu/L=Chennai/O=consultant/OU=IT/CN=freelance/emailAddress=test@freelance
i:/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
1 s:/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
i:/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
---
Server certificate
subject=/C=IN/ST=TamilNadu/L=Chennai/O=consultant/OU=IT/CN=freelance/emailAddress=test@freelance
issuer=/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
---
Acceptable client certificate CA names
/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in/emailAddress=test@blogspot
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 2549 bytes and written 1399 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID:
Session-ID-ctx:
Master-Key: A1B4D3068C61C4CA0F626A249F6E1373B11C3F019FC6732FFFBB849B1A2F4E5A04E072793FDBD5D5FD12641F80114135
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1438677726
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
[arun@ selfcert]$
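The steps in the transcript above as one unattended script, with two offline checks: whether a certificate chains to the CA (the decision behind the server's `verify error:num=18` for the self-signed client certificate) and whether a `privkey.pem` belongs to a given certificate. This is an added example, not part of the original post. It assumes unencrypted keys (`-nodes`), subjects copied from the transcript without the e-mail field, and function names chosen here.

```sh
#!/bin/sh
# Added example, not from the original post. Keys are written unencrypted
# (-nodes) so it runs unattended; the post protects them with a pass phrase.

# sign_csr CA_DIR CSR OUT: the same "openssl x509 -req" call the post uses.
sign_csr() {
    openssl x509 -req -CA "$1/cacert.pem" -CAkey "$1/privkey.pem" \
        -CAcreateserial -CAserial "$1/caserial.txt" -days 1200 \
        -in "$2" -out "$3" 2>/dev/null
}

# new_csr DIR NAME SUBJECT: key + CSR in DIR, like "openssl req -new -out NAME.csr".
new_csr() {
    openssl req -new -nodes -newkey rsa:2048 -subj "$3" \
        -keyout "$1/privkey.pem" -out "$1/$2.csr" 2>/dev/null
}

# make_pki DIR: build cacert/, srvcert/, clientcert/ and selfcert/ under DIR.
make_pki() {
    mkdir -p "$1/cacert" "$1/srvcert" "$1/clientcert" "$1/selfcert" || return 1
    # Root CA: self-signed, like "openssl req -new -x509 -out ./cacert.pem".
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 1200 \
        -subj "/C=IN/ST=Karnataka/L=Bangalore/O=freelance/OU=IT/CN=blogspot.in" \
        -keyout "$1/cacert/privkey.pem" -out "$1/cacert/cacert.pem" \
        2>/dev/null || return 1
    new_csr "$1/srvcert" srvcert \
        "/C=IN/ST=TamilNadu/L=Chennai/O=consultant/OU=IT/CN=freelance" || return 1
    sign_csr "$1/cacert" "$1/srvcert/srvcert.csr" \
        "$1/srvcert/srvcert.signed.cert" || return 1
    new_csr "$1/clientcert" clientcert \
        "/C=IN/ST=Kerala/L=Cochin/O=freelance/OU=IT/CN=bluetech" || return 1
    sign_csr "$1/cacert" "$1/clientcert/clientcert.csr" \
        "$1/clientcert/clientcert.signed.cert" || return 1
    # Client certificate that is its own issuer: the case the server rejects.
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 1200 \
        -subj "/C=IN/ST=Andra/L=Hyderabad/O=somesoft/OU=IT/CN=somesoft" \
        -keyout "$1/selfcert/privkey.pem" -out "$1/selfcert/selfcert.pem" \
        2>/dev/null
}

# trusted_by_ca DIR CERT: status 0 only if CERT chains to DIR/cacert/cacert.pem.
trusted_by_ca() {
    openssl verify -CAfile "$1/cacert/cacert.pem" "$2" >/dev/null 2>&1
}

# key_matches_cert CERT KEY: status 0 only if KEY is the private half of CERT.
# Every directory in the post holds a file called privkey.pem, so this catches
# a key copied from the wrong directory before the handshake fails on it.
key_matches_cert() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Stand-alone run in a throwaway directory: report which client certs the CA accepts.
work=$(mktemp -d) && make_pki "$work" &&
for c in clientcert/clientcert.signed.cert selfcert/selfcert.pem; do
    if trusted_by_ca "$work" "$work/$c"; then echo "$c: accepted"
    else echo "$c: rejected"; fi
done
rm -rf "$work"
```
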