{"id":1683,"date":"2012-08-28T17:03:40","date_gmt":"2012-08-28T16:03:40","guid":{"rendered":"http:\/\/mccltd.net\/blog\/?p=1683"},"modified":"2012-08-28T19:46:04","modified_gmt":"2012-08-28T18:46:04","slug":"openssl-generate-csr-and-test-signed-x-509-certificate","status":"publish","type":"post","link":"http:\/\/darenmatthews.com\/blog\/?p=1683","title":{"rendered":"OpenSSL &#8211; Generate CSR and Test Signed x.509 Certificate"},"content":{"rendered":"<p><strong>Another personal aide-m\u00e9moire for SSL testing:<\/strong><br \/>\nThis method uses OpenSSL to create a public\/private key pair and submit the public key to a Certificate Signing Authority to be signed by that CA.  The procedure uses various methods to test certificates and SSL connections to web servers:<!--more--><\/p>\n<p>There are basically only two commands to generate the public\/private keys and the .csr:<\/p>\n<ul>\n<li>openssl genrsa -out server.key 1024<\/li>\n<li>openssl req -new -key server.key -out server.csr<\/li>\n<\/ul>\n<p><strong>GENERATE PUBLIC\/PRIVATE KEYS:<\/strong><br \/>\n<code>C:\\openssl\\bin>openssl genrsa -out keys\/server.key 1024<br \/>\nLoading 'screen' into random state - done<br \/>\nGenerating RSA private key, 1024 bit long modulus<br \/>\n...................................++++++<br \/>\n..........++++++<br \/>\ne is 65537 (0x10001)<\/code><\/p>\n<p><code>C:\\openssl\\bin>dir keys<br \/>\n Volume in drive C has no label.<br \/>\n Volume Serial Number is 00B5-C395<\/p>\n<p> Directory of C:\\openssl\\bin\\keys<\/p>\n<p>28\/08\/2012  15:22    <DIR>          .<br \/>\n28\/08\/2012  15:22    <DIR>          ..<br \/>\n28\/08\/2012  15:22               887 server.key<br \/>\n               1 File(s)            887 bytes<br \/>\n               2 Dir(s)  103,365,087,232 bytes free<\/code><\/p>\n<p><strong>LOOK INSIDE FILE:<\/strong><br \/>\n<code>C:\\openssl\\bin>openssl rsa -in keys\/server.key -text -noout<br \/>\nPrivate-Key: (1024 bit)<br \/>\nmodulus:<br \/>\n    
00:c5:c3:c4:4d:b2:e4:3b:a5:d9:72:32:2f:68:de:<br \/>\n    ea:ed:df:e2:65:c3:5f:c4:7a:f9:0a:73:38:ca:b1:<br \/>\n[snip]<br \/>\n    21:2b:f8:9f:d7:d1:ba:62:69:75:b1:b2:65:dd:eb:<br \/>\n    c5:56:71:49:7e:16:20:f9:ea:3a:79:75:74:12:90:<br \/>\n    cb:c2:18:af:30:ea:41:86:6d<br \/>\npublicExponent: 65537 (0x10001)<br \/>\nprivateExponent:<br \/>\n    73:99:2f:11:cb:d3:a5:1a:18:b4:ab:a9:12:bf:da:<br \/>\n    cb:18:e7:19:5c:ce:89:e6:e7:d3:b7:ee:26:6d:33:<br \/>\n[snip]<br \/>\n    fa:ce:24:07:87:4d:d4:3c:41:fc:52:bc:6a:1d:b2:<br \/>\n    9b:53:68:6a:f7:ef:28:f1<br \/>\nprime1:<br \/>\n    00:e1:26:92:3e:18:3c:2d:6a:98:d6:9e:b7:cd:26:<br \/>\n    10:67:27:e7:02:26:04:2e:3b:9b:a5:ea:97:8c:e4:<br \/>\n    90:6b:87:d9:7e:29:5f:21:1c:00:74:01:13:23:54:<br \/>\n    bc:f3:6f:14:0a:14:17:03:6e:91:60:ab:9c:57:20:<br \/>\n    d0:0a:50:c9:ff<br \/>\nprime2:<br \/>\n    00:e0:dc:99:b7:c8:82:b7:9b:ab:37:8f:b4:ff:18:<br \/>\n    a7:85:be:21:31:c6:6a:7f:59:17:8a:a6:90:c3:f1:<br \/>\n    20:d7:3b:da:b4:e7:07:a0:32:4c:a2:4c:82:ea:86:<br \/>\n    8f:2e:27:3f:b4:1c:10:07:a0:db:9a:96:d3:32:bc:<br \/>\n    56:e0:08:77:93<br \/>\nexponent1:<br \/>\n    00:d5:a0:ca:6b:de:84:e2:b6:dc:f3:ee:bf:09:09:<br \/>\n    0f:d1:40:fc:20:7e:bf:c2:ba:4e:31:fc:47:f5:a8:<br \/>\n    3d:1b:ba:57:74:2c:7f:15:a4:43:0d:ce:a3:41:07:<br \/>\n    bb:0c:e3:9d:48:fe:cc:e3:35:ba:fc:d5:77:ce:f7:<br \/>\n    d4:4d:a5:60:33<br \/>\nexponent2:<br \/>\n    00:c7:05:b9:f0:96:c2:4b:ec:b6:70:a8:fb:54:45:<br \/>\n    e8:10:52:26:63:3d:f1:08:e2:3c:19:f6:2f:6f:9e:<br \/>\n    3e:a9:02:4b:23:8e:d0:8b:13:ba:0c:74:97:f3:28:<br \/>\n    42:16:61:9a:da:b9:73:de:ac:9b:72:8a:48:48:41:<br \/>\n    b6:ca:f7:f3:8d<br \/>\ncoefficient:<br \/>\n    46:4b:d6:ba:90:f5:76:d0:4e:dd:26:87:79:83:a2:<br \/>\n    c4:c3:10:32:f8:08:b2:bc:6f:9f:22:09:7d:96:e4:<br \/>\n    6f:63:68:ef:98:2d:cf:5b:0a:43:ee:52:ef:1c:a6:<br \/>\n    85:60:cc:b1:b1:db:3f:79:8d:c9:13:59:1c:70:52:<br \/>\n    
16:50:47:b3<\/p>\n<p>C:\\openssl\\bin><\/code><\/p>\n<p><strong>REMEMBERING THAT:<\/strong><br \/>\n<strong>c = m^e mod n<br \/>\nand<br \/>\nm = c^d mod n<\/strong><\/p>\n<p>These are the components within the key file just created:<\/p>\n<p><strong>n (modulus) is:<\/strong><br \/>\n<code>modulus:<br \/>\n    00:c5:c3:c4:4d:b2:e4:3b:a5:d9:72:32:2f:68:de:<br \/>\n    ea:ed:df:e2:65:c3:5f:c4:7a:f9:0a:73:38:ca:b1:<br \/>\n[snip]<br \/>\n    c5:56:71:49:7e:16:20:f9:ea:3a:79:75:74:12:90:<br \/>\n    cb:c2:18:af:30:ea:41:86:6d<\/code><\/p>\n<p><strong>e (public exponent used for encryption; not critical, RSA keys mostly use 65537):<\/strong><br \/>\n<code>publicExponent: 65537 (0x10001)<\/code><br \/>\n<strong><br \/>\nd (private exponent, the private key):<\/strong><br \/>\n<code>privateExponent:<br \/>\n    73:99:2f:11:cb:d3:a5:1a:18:b4:ab:a9:12:bf:da:<br \/>\n[snip]<br \/>\n    fa:ce:24:07:87:4d:d4:3c:41:fc:52:bc:6a:1d:b2:<br \/>\n    9b:53:68:6a:f7:ef:28:f1<\/code><\/p>\n<p><strong>GENERATE CERTIFICATE SIGNING REQUEST:<\/strong><br \/>\n<em>Note: On Windows you can also set the environment variable OPENSSL_CONF. 
For example, from the command line you can type:<\/em><br \/>\nset OPENSSL_CONF=c:\/openssl\/share\/openssl.cnf<br \/>\nTo validate it, you can type:<br \/>\necho %OPENSSL_CONF%<br \/>\nNow you can run openssl commands without having to pass the -config &#8220;location of openssl.cnf&#8221; parameter.<\/p>\n<p>Example:<br \/>\n<code>C:\\openssl>set OPENSSL_CONF=c:\/openssl\/share\/openssl.cnf<br \/>\nC:\\openssl>echo %OPENSSL_CONF%<br \/>\nc:\/openssl\/share\/openssl.cnf<br \/>\nC:\\openssl><\/code><\/p>\n<p><strong>NOW GENERATE CSR:<\/strong><br \/>\n<code>C:\\openssl\\bin>openssl req -new -key keys\/server.key -out csr\/server.csr<br \/>\nLoading 'screen' into random state - done<br \/>\nYou are about to be asked to enter information that will be incorporated<br \/>\ninto your certificate request.<br \/>\nWhat you are about to enter is what is called a Distinguished Name or a DN.<br \/>\nThere are quite a few fields but you can leave some blank<br \/>\nFor some fields there will be a default value,<br \/>\nIf you enter '.', the field will be left blank.<br \/>\n-----<br \/>\nCountry Name (2 letter code) [AU]:EN<br \/>\nState or Province Name (full name) [Some-State]:Surrey<br \/>\nLocality Name (eg, city) []:East Horsley<br \/>\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:Daren Matthews<br \/>\nOrganizational Unit Name (eg, section) []:Daren Matthews<br \/>\nCommon Name (eg, YOUR name) []:Daren Matthews<br \/>\nEmail Address []:daren@domain.com<\/p>\n<p>Please enter the following 'extra' attributes<br \/>\nto be sent with your certificate request<br \/>\nA challenge password []:<br \/>\nAn optional company name []:<\/p>\n<p>C:\\openssl\\bin><\/code><br \/>\n<strong><br \/>\nTO EXAMINE CONTENTS OF CSR:<\/strong><br \/>\n<code>openssl req -in server.csr -text -noout<\/code><\/p>\n<p>Example:<br \/>\n<code>C:\\openssl\\bin>openssl req -in csr\/server.csr -text -noout<br \/>\nCertificate Request:<br \/>\n    Data:<br \/>\n        Version: 0 (0x0)<br \/>\n  
      Subject: C=EN, ST=Surrey, L=East Horsley, O=Daren Matthews, OU=Daren Mat<br \/>\nthews, CN=Daren Matthews\/emailAddress=daren@domain.com<br \/>\n        Subject Public Key Info:<br \/>\n            Public Key Algorithm: rsaEncryption<br \/>\n            RSA Public Key: (1024 bit)<br \/>\n                Modulus (1024 bit):<br \/>\n                    00:c5:c3:c4:4d:b2:e4:3b:a5:d9:72:32:2f:68:de:<br \/>\n                    ea:ed:df:e2:65:c3:5f:c4:7a:f9:0a:73:38:ca:b1:<br \/>\n                    d2:89:c3:03:df:d9:ae:f6:04:63:07:fe:d2:6b:6d:<br \/>\n                    35:79:b0:9f:7b:1a:6d:38:53:14:ea:ae:73:c8:08:<br \/>\n                    41:cb:20:0d:7c:33:ae:41:ae:a9:cb:28:74:e1:0b:<br \/>\n                    8f:93:b1:27:bd:6f:a1:54:c1:d6:31:0b:02:c0:6f:<br \/>\n                    21:2b:f8:9f:d7:d1:ba:62:69:75:b1:b2:65:dd:eb:<br \/>\n                    c5:56:71:49:7e:16:20:f9:ea:3a:79:75:74:12:90:<br \/>\n                    cb:c2:18:af:30:ea:41:86:6d<br \/>\n                Exponent: 65537 (0x10001)<br \/>\n        Attributes:<br \/>\n            a0:00<br \/>\n    Signature Algorithm: sha1WithRSAEncryption<br \/>\n        38:ac:9e:24:71:45:ad:fd:b0:57:2d:ea:b8:2c:70:34:9a:bc:<br \/>\n        b9:7b:d8:f4:70:ef:27:65:97:18:7c:e5:2b:49:1a:53:43:2c:<br \/>\n        2a:31:4a:c2:39:73:84:e1:96:70:ea:e9:48:eb:f1:c3:06:6d:<br \/>\n        08:e9:06:ce:f0:63:e0:e9:20:75:17:e5:96:03:2c:e3:4e:c1:<br \/>\n        ae:5a:7e:04:35:ff:f1:8a:d3:7c:2b:46:8b:2d:a1:96:f6:35:<br \/>\n        ad:b5:70:08:76:ad:37:6d:a8:8e:b3:66:a7:8b:2c:cc:1e:a9:<br \/>\n        10:c9:90:82:78:8e:fb:68:98:f3:61:26:14:ed:70:76:cc:f9:<br \/>\n        4f:1f<\/p>\n<p>C:\\openssl\\bin><\/code><\/p>\n<p>NOTICE:  The CSR contains the &#8220;name&#8221; (CN), modulus (n) and the Exponent (e.g. 
RSA = 65537):<br \/>\n<code><br \/>\nCN=Daren Matthews\/emailAddress=daren@domain.com<\/code><\/p>\n<p><code>Modulus (1024 bit):<br \/>\n00:c5:c3:c4:4d:b2:e4:3b:a5:d9:72:32:2f:68:de:<br \/>\nea:ed:df:e2:65:c3:5f:c4:7a:f9:0a:73:38:ca:b1:<br \/>\n[snip]<br \/>\ncb:c2:18:af:30:ea:41:86:6d<\/code><\/p>\n<p><code>Exponent: 65537 (0x10001)<\/code><\/p>\n<p><strong>THE CERTIFICATE REQUEST (CSR) is PEM ENCODED:<\/strong><\/p>\n<p><code>-----BEGIN CERTIFICATE REQUEST-----<br \/>\nMIIB6TCCAVICAQAwgagxCzAJBgNVBAYTAkVOMQ8wDQYDVQQIEwZTdXJyZXkxFTAT<br \/>\nBgNVBAcTDEVhc3QgSG9yc2xleTEXMBUGA1UEChMORGFyZW4gTWF0dGhld3MxFzAV<br \/>\nBgNVBAsTDkRhcmVuIE1hdHRoZXdzMRcwFQYDVQQDEw5EYXJlbiBNYXR0aGV3czEm<br \/>\nMCQGCSqGSIb3DQEJARYXZGFyZW5AZGFyZW5tYXR0aGV3cy5jb20wgZ8wDQYJKoZI<br \/>\nhvcNAQEBBQADgY0AMIGJAoGBAMXDxE2y5Dul2XIyL2je6u3f4mXDX8R6+QpzOMqx<br \/>\n0onDA9\/ZrvYEYwf+0mttNXmwn3sabThTFOquc8gIQcsgDXwzrkGuqcsodOELj5Ox<br \/>\nJ71voVTB1jELAsBvISv4n9fRumJpdbGyZd3rxVZxSX4WIPnqOnl1dBKQy8IYrzDq<br \/>\nQYZtAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQA4rJ4kcUWt\/bBXLeq4LHA0mry5<br \/>\ne9j0cO8nZZcYfOUrSRpTQywqMUrCOXOE4ZZw6ulI6\/HDBm0I6QbO8GPg6SB1F+WW<br \/>\nAyzjTsGuWn4ENf\/xitN8K0aLLaGW9jWttXAIdq03baiOs2aniyzMHqkQyZCCeI77<br \/>\naJjzYSYU7XB2zPlPHw==<br \/>\n-----END CERTIFICATE REQUEST-----<\/code><\/p>\n<p><strong>SUBMIT TO SIGNING AUTHORITY<\/strong><br \/>\nIt is typical that you \u201ccut and paste\u201d this text into a web page to submit your .csr to the signing authority.<\/p>\n<p>&#8211; You submit payment and your .csr to Verisign (or other CA)<br \/>\n&#8211; Verisign somehow verify that \u201cyou are who you claim to be&#8221;<br \/>\n&#8211; Verisign will sign and send you your X.509 certificate!<\/p>\n<p><strong>To examine the contents of an x.509 Certificate:<\/strong><br \/>\n<code>openssl x509 -in server.crt -noout -text<\/code><\/p>\n<p><strong>TESTING:<\/strong><br \/>\nTry:<br \/>\n<code>openssl s_client -connect <machine>:<port> -debug -state<\/code><br \/>\n(port numbers can change 
for SSL.  Usually 443)<br \/>\n<em>This gives you a lot of output but, most importantly, a bidirectional SSL connection to your web server.<\/em><\/p>\n<p><strong>Example using public server:<\/strong><br \/>\n<code>openssl s_client -connect filebox.ece.vt.edu:443 -debug -state<\/code><br \/>\nWe now use an HTTP dialogue to talk to the server. There is no prompt:<br \/>\n<code>GET \/ HTTP\/1.0<enter><br \/>\n<enter><\/code><br \/>\nafter which you receive more output, the HTML carried within the SSL connection.<\/p>\n<p>Example:<br \/>\n<code>[snip]<\/p>\n<p>1710 - c4 d2 e0 da 24 39 79 13-93 f1 e1 d4 cc 85 b0 fa   ....$9y.........<br \/>\n1720 - 91 1a 16 14 ca 63 fb 3e-b7 8e 11 71 04 fc 05 d8   .....c.>...q....<br \/>\n1730 - 36 c1 2a fe 54 02 52 ee-39 60 90 c2 69 e3 60 46   6.*.T.R.9`..i.`F<br \/>\n1740 - ba 03 22 73 0b                                    ..\"s.<br \/>\ndepth=3 \/CN=GlobalSign RootSign Partners CA\/OU=RootSign Partners CA\/O=GlobalSign<br \/>\n nv-sa\/C=BE<br \/>\nverify error:num=20:unable to get local issuer certificate<br \/>\nverify return:0<br \/>\nSSL_connect:SSLv3 read server certificate A<br \/>\nread from 0x1e94f40 [0x1e9b530] (5 bytes => 5 (0x5))<br \/>\n0000 - 16 03 01 02 0d                                    .....<br \/>\nread from 0x1e94f40 [0x1e9b535] (525 bytes => 525 (0x20D))<br \/>\n0000 - 0c 00 02 09 00 80 e6 96-9d 3d 49 5b e3 2c 7c f1   .........=I[.,|.<br \/>\n0010 - 80 c3 bd d4 79 8e 91 b7-81 82 51 bb 05 5e 2a 20   ....y.....Q..^*<br \/>\n0020 - 64 90 4a 79 a7 70 fa 15-a2 59 cb d5 23 a6 a6 ef   d.Jy.p...Y..#...<br \/>\n0030 - 09 c4 30 48 d5 a2 2f 97-1f 3c 20 12 9b 48 00 0e   ..0H..\/..< ..H..\n0040 - 6e dd 06 1c bc 05 3e 37-1d 79 4e 53 27 df 61 1e   n.....>7.yNS'.a.<br \/>\n0050 - bb be 1b ac 9b 5c 60 44-cf 02 3d 76 e0 5e ea 9b   .....\\`D..=v.^..<br \/>\n0060 - ad 99 1b 13 a6 3c 97 4e-9e f1 83 9e b5 db 12 51   .....<.N.......Q\n0070 - 36 f7 26 2e 56 a8 87 15-38 df d8 23 c6 50 50 85   6.&#038;.V...8..#.PP.\n0080 - e2 
1f 0d d5 c8 6b 00 01-02 00 80 68 de 34 70 84   .....k.....h.4p.\n0090 - 9f 22 7d 30 d6 a0 ff 9a-9d 69 01 85 e4 9c 11 f6   .\"}0.....i......\n00a0 - 0d 03 55 04 99 03 2d b1-c7 3a b3 00 25 42 d4 dd   ..U...-..:..%B..\n00b0 - fc 94 81 76 8b 10 a6 2d-94 e3 07 29 d2 25 ea 7f   ...v...-...).%..\n00c0 - e7 77 0e ce 1d b5 51 28-0e 7f 72 99 3a d7 a3 a2   .w....Q(..r.:...\n00d0 - 15 2f bf 2a 8c 65 aa 81-d5 2b 06 e7 11 65 ee d7   .\/.*.e...+...e..\n00e0 - 04 f1 56 4b 49 93 34 3d-06 5e 15 6a 79 51 d5 1d   ..VKI.4=.^.jyQ..\n00f0 - f1 48 24 df df d7 03 68-ef f1 14 e1 f7 fb 06 3b   .H$....h.......;\n0100 - 58 c9 a7 1a 29 fd ff 4c-d9 36 8b 01 00 34 c5 9f   X...)..L.6...4..\n0110 - d5 8c ec b1 e1 df 42 76-82 eb 5b 29 84 2d bd 39   ......Bv..[).-.9\n0120 - 48 08 ea ed 65 c7 95 d4-e2 2e 30 0f 66 90 d0 76   H...e.....0.f..v\n0130 - b7 71 0f 16 d8 4d c0 c2-22 48 a1 40 9f ac a9 cb   .q...M..\"H.@....\n0140 - a5 8b 54 50 be 9a 90 4b-1d a9 f8 6d 93 0d c9 73   ..TP...K...m...s\n0150 - 03 90 24 4c bf e1 af 71-c6 17 59 b4 45 d9 7f 9d   ..$L...q..Y.E...\n0160 - 45 0e cd 8b 45 48 50 58-e8 ca 6c 60 62 56 c5 70   E...EHPX..l`bV.p\n0170 - 71 12 ce 33 a3 62 63 fa-86 a0 5b d0 20 f9 5f 53   q..3.bc...[. ._S\n0180 - 07 5e 39 af a8 8a 79 c7-ce 5a cd be b6 6e 78 85   .^9...y..Z...nx.\n0190 - b4 ea 55 bc 5b cb f9 e2-ef 79 3a 2a 7d 98 69 63   ..U.[....y:*}.ic\n01a0 - e1 37 6c 74 ab 7a 4e 88-af 0f 5c 8f 7a 67 b5 0f   .7lt.zN...\\.zg..\n01b0 - c5 f8 72 ed 28 72 76 54-b3 e4 be 9b cd dc b2 27   ..r.(rvT.......'\n01c0 - 6c 9c 24 02 e6 8a d3 24-2a 63 67 60 8d 5a b9 ef   l.$....$*cg`.Z..\n01d0 - 2a 9c 10 5d f7 89 2c d8-10 0b f4 7b f2 31 f0 95   *..]..,....{.1..\n01e0 - 52 9f f4 20 f2 1b 25 75-48 be 92 1a a0 ab 00 ad   R.. 
..%uH.......\n01f0 - 36 88 8d 38 ae e3 c5 da-1a fc 9d 56 d0 a3 d2 45   6..8.......V...E\n0200 - a8 91 58 6b 38 b7 5a 3c-3c 7d 56 4f d1            ..Xk8.Z<<}VO.\nSSL_connect:SSLv3 read server key exchange A\nread from 0x1e94f40 [0x1e9b530] (5 bytes => 5 (0x5))<br \/>\n0000 - 16 03 01 00 04                                    .....<br \/>\nread from 0x1e94f40 [0x1e9b535] (4 bytes => 4 (0x4))<br \/>\n0000 - 0e                                                .<br \/>\n0004 - <SPACES\/NULS><br \/>\nSSL_connect:SSLv3 read server done A<br \/>\nwrite to 0x1e94f40 [0x1ea5678] (139 bytes => 139 (0x8B))<br \/>\n0000 - 16 03 01 00 86 10 00 00-82 00 80 3c 31 70 e4 14   ...........<1p..\n0010 - 09 20 e2 fa ca cb 52 02-f2 1a 04 f8 5d c5 9a 09   . ....R.....]...\n0020 - 5d 69 91 90 08 a9 5a 0b-3a 43 a0 77 6f f7 4e 00   ]i....Z.:C.wo.N.\n0030 - 9f ba 5c 7e 9c c9 21 a1-3e eb 3d 48 fb f8 99 5b   ..\\~..!.>.=H...[<br \/>\n0040 - 6b 09 66 1f 42 44 58 53-dc 83 82 45 71 f5 e7 be   k.f.BDXS...Eq...<br \/>\n0050 - 98 d5 a2 ac 93 81 3a 54-28 68 90 73 1d f2 19 5a   ......:T(h.s...Z<br \/>\n0060 - 8a 00 66 36 e0 dd 93 16-de d3 c6 b4 77 b9 4b 24   ..f6........w.K$<br \/>\n0070 - 91 55 33 de 30 39 b6 2e-73 d3 8c 27 f3 96 82 03   .U3.09..s..'....<br \/>\n0080 - f9 b0 ff 74 20 97 74 7a-94 ef 04                  ...t .tz...<br \/>\nSSL_connect:SSLv3 write client key exchange A<br \/>\nwrite to 0x1e94f40 [0x1ea5678] (6 bytes => 6 (0x6))<br \/>\n0000 - 14 03 01 00 01 01                                 ......<br \/>\nSSL_connect:SSLv3 write change cipher spec A<br \/>\nwrite to 0x1e94f40 [0x1ea5678] (53 bytes => 53 (0x35))<br \/>\n0000 - 16 03 01 00 30 9f 94 da-a0 55 bb 9e 0b 47 10 3b   ....0....U...G.;<br \/>\n0010 - db ed a4 82 57 e4 b0 f1-47 4f 4f b5 3b ad 3a 80   ....W...GOO.;.:.<br \/>\n0020 - 53 58 fd f5 51 63 1f 3c-80 47 20 94 9d ad 0c f2   SX..Qc.<.G .....\n0030 - 23 96 ce 0d 19                                    #....\nSSL_connect:SSLv3 write finished A\nSSL_connect:SSLv3 flush data\nread 
from 0x1e94f40 [0x1e9b530] (5 bytes => 5 (0x5))<br \/>\n0000 - 14 03 01 00 01                                    .....<br \/>\nread from 0x1e94f40 [0x1e9b535] (1 bytes => 1 (0x1))<br \/>\n0000 - 01                                                .<br \/>\nread from 0x1e94f40 [0x1e9b530] (5 bytes => 5 (0x5))<br \/>\n0000 - 16 03 01 00 30                                    ....0<br \/>\nread from 0x1e94f40 [0x1e9b535] (48 bytes => 48 (0x30))<br \/>\n0000 - 8e 2e 6b 42 24 cf 5d ec-32 fd 63 c8 95 a5 04 fa   ..kB$.].2.c.....<br \/>\n0010 - 64 56 ad e6 74 64 2d 08-44 d8 6a a1 e3 00 8a 6e   dV..td-.D.j....n<br \/>\n0020 - 23 01 d1 ad 3f 74 1f bb-2a b4 11 f9 3c 95 26 ec   #...?t..*...<.&#038;.\nSSL_connect:SSLv3 read finished A\n---\nCertificate chain\n 0 s:\/CN=filebox.ece.vt.edu\/OU=Electrical and Computer Engineering\/O=Virginia Po\nlytechnic Institute and State University\/L=Blacksburg\/ST=Virginia\/DC=vt\/DC=edu\/C\n=US\n   i:\/CN=Virginia Tech Global Server CA\/OU=Global Server CA\/O=Virginia Tech\/C=US\n\n 1 s:\/CN=Virginia Tech Global Server CA\/OU=Global Server CA\/O=Virginia Tech\/C=US\n\n   i:\/C=US\/O=Virginia Tech\/OU=Global Root CA\/CN=Virginia Tech Global Root CA\n 2 s:\/C=US\/O=Virginia Tech\/OU=Global Root CA\/CN=Virginia Tech Global Root CA\n   i:\/CN=GlobalSign RootSign Partners CA\/OU=RootSign Partners CA\/O=GlobalSign nv\n-sa\/C=BE\n 3 s:\/CN=GlobalSign RootSign Partners CA\/OU=RootSign Partners CA\/O=GlobalSign nv\n-sa\/C=BE\n   i:\/C=BE\/O=GlobalSign nv-sa\/OU=Root CA\/CN=GlobalSign Root CA\n---\nServer certificate\n-----BEGIN CERTIFICATE-----\nMIIGgDCCBGigAwIBAgIINUxcbip+4LIwDQYJKoZIhvcNAQEFBQAwaTEnMCUGA1UE\nAwweVmlyZ2luaWEgVGVjaCBHbG9iYWwgU2VydmVyIENBMRkwFwYDVQQLDBBHbG9i\nYWwgU2VydmVyIENBMRYwFAYDVQQKDA1WaXJnaW5pYSBUZWNoMQswCQYDVQQGEwJV\n[snip]\nsVUPxI50Wqa9U+5TqGMZhiux\/dvs3r6i5yeVaso7efdY2oGZ4RlQxxti\/bkkP98r\n6yoXWiNhSAkHUe4izOYi2YScBrd9gzUA+DY\/7BNWiOivdGA+\n-----END CERTIFICATE-----\nsubject=\/CN=filebox.ece.vt.edu\/OU=Electrical and Computer 
Engineering\/O=Virginia\n Polytechnic Institute and State University\/L=Blacksburg\/ST=Virginia\/DC=vt\/DC=ed\nu\/C=US\nissuer=\/CN=Virginia Tech Global Server CA\/OU=Global Server CA\/O=Virginia Tech\/C=\nUS\n---\nNo client certificate CA names sent\n---\nSSL handshake has read 6639 bytes and written 322 bytes\n---\nNew, TLSv1\/SSLv3, Cipher is DHE-RSA-AES256-SHA\nServer public key is 2048 bit\nCompression: NONE\nExpansion: NONE\nSSL-Session:\n    Protocol  : TLSv1\n    Cipher    : DHE-RSA-AES256-SHA\n    Session-ID: 8BE0ED07DBF01AE08C27A6C9328852ECB14949F1FFB85D19A0D1C2257365A88A\n\n    Session-ID-ctx:\n    Master-Key: C46CF2C0EA9B476CCF71D8725FFE24C5DC36DF0BADFA023F49D55F7EDD97FA93\nE306A9F262A024E20036F91FFC9CFFB1\n    Key-Arg   : None\n    Start Time: 1346168082\n    Timeout   : 300 (sec)\n    Verify return code: 20 (unable to get local issuer certificate)\n---\nGET \/ HTTP1.0\nwrite to 0x1e94f40 [0x1e9fd40] (90 bytes => 90 (0x5A))<br \/>\n0000 - 17 03 01 00 20 4c a3 34-79 34 b2 49 1d 87 83 42   .... L.4y4.I...B<br \/>\n0010 - 6e 96 bf 1c 45 28 78 4f-82 6c f3 41 69 51 a4 81   n...E(xO.l.AiQ..<br \/>\n0020 - 65 8a 12 e0 af 17 03 01-00 30 26 ac 64 5a 78 df   e........0&.dZx.<br \/>\n0030 - d3 21 13 2c 6c f9 55 50-68 1a 56 95 e8 44 35 92   .!.,l.UPh.V..D5.<br \/>\n0040 - 52 83 c3 5a 98 33 10 3f-c5 07 3d 77 2b a9 f9 d9   R..Z.3.?..=w+...<br \/>\n0050 - 84 c8 95 a4 f7 0a 81 5c-77 af                     .......\\w.<\/p>\n<p>GET \/ HTTP1.1<br \/>\nwrite to 0x1e94f40 [0x1e9fd40] (90 bytes => 90 (0x5A))<br \/>\n0000 - 17 03 01 00 20 e9 b3 5c-b3 3a da 26 66 08 92 cf   .... 
..\\.:.&f...<br \/>\n0010 - 22 a1 db 01 92 36 07 be-04 77 59 9d 8b e6 da e6   \"....6...wY.....<br \/>\n0020 - b5 4b fa 27 2d 17 03 01-00 30 8a 2a f1 74 54 25   .K.'-....0.*.tT%<br \/>\n0030 - 4b 12 93 33 b6 f0 8c 1e-5f 60 85 76 66 23 33 78   K..3...._`.vf#3x<br \/>\n0040 - 7d 1a 58 d1 00 45 77 29-c2 0f ae 0b f9 d8 ef d5   }.X..Ew)........<br \/>\n0050 - f6 05 7a 74 ef a5 10 14-84 ed                     ..zt......<\/p>\n<p>HEAD \/ HTTP1.1<br \/>\nwrite to 0x1e44f40 [0x1e4fd40] (90 bytes => 90 (0x5A))<br \/>\n0000 - 17 03 01 00 20 a2 c0 20-19 3b 89 d6 ec 98 c2 6b   .... .. .;.....k<br \/>\n0010 - 01 38 e4 7c a6 29 5b 8e-df 04 26 ef 20 a0 1a 28   .8.|.)[...&. ..(<br \/>\n0020 - 8c 07 ec e8 48 17 03 01-00 30 11 7a 7e 57 de 6e   ....H....0.z~W.n<br \/>\n0030 - 3b 1b 99 11 bf 2a 90 36-07 67 6f d4 d3 8c fb df   ;....*.6.go.....<br \/>\n0040 - 9d 62 5b 36 41 f1 05 9a-25 78 1c 63 82 2d dc 5a   .b[6A...%x.c.-.Z<br \/>\n0050 - 69 dd e0 31 41 73 ee e6-4d d7                     i..1As..M.<br \/>\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Another personal aide-m\u00e9moire for SSL testing: This method uses OpenSSL to create a public\/private key pair and submit the public key to a Certificate Signing Authority to be signed by that CA. 
The procedure uses various methods to test certificates and SSL connections to web servers:<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[13],"tags":[62,56],"_links":{"self":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1683"}],"collection":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1683"}],"version-history":[{"count":7,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1683\/revisions"}],"predecessor-version":[{"id":1697,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1683\/revisions\/1697"}],"wp:attachment":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1683"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}