Ceci est une ancienne révision du document !
Table des matières
OpenSSL
Voir aussi :
On line tools:
Code Signing with OpenSSL
Vérification de certificat avec OpenSSL
openssl s_client -connect isc.sans.org:443
on line tools:
- Thawte SSL Toolbox Check certificate installation
Certificate Chaining
On this page you'll find how to create only one file which contains your certificate and others chain certificates (Concatenate them in one), like, I think, you could have only one configuration directive to use : the CertificateFile, and to not need the CertificateChainFile anymore :
http://help.globalscape.com/help/eft5/admin/certificate_chaining.htm
Key generation
http://www.fil.univ-lille1.fr/~wegrzyno/portail/PAC/Doc/TP5/tp-certif002.html
# Génération des clés openssl genrsa -out maCle.pem 1024 # Exportation de la partie publique openssl rsa -in maCle.pem -pubout -out maClePublique.pem
Decode
Afficher les données d'un CSR:
openssl req -in theCertificateSigningResquest.csr -noout -text
Afficher les données d'un certificat encodé PEM:
openssl x509 -in theCertificate.crt -noout -text
Heartbleed
CVE-2014-0160, CVE-2014-0160 on nist.gov
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
- Thawte SSL Toolbox Check certificate installation