SSL short: Difference between revisions
(Created page with "=Setup= ==create dir to store data== mkdir -p /var/lib/ssl/{private,keys,certs,newcerts,crl,requests} echo 01 > /var/lib/ssl/serial touch /var/lib/ssl/index.txt ==set di...") |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 86: | Line 86: | ||
openssl rsa -in /var/lib/ssl/requests/maistor-localreq.pem -out /var/lib/ssl/keys/maistor-local.key | openssl rsa -in /var/lib/ssl/requests/maistor-localreq.pem -out /var/lib/ssl/keys/maistor-local.key | ||
==view content== | |||
openssl x509 -in www.crt -text | |||
=gen dh= | =gen dh= | ||
openssl gendh -out /var/lib/ssl/keys/dh2048.key 2048 | openssl gendh -out /var/lib/ssl/keys/dh2048.key 2048 | ||
=Access IMAP Server= | |||
[https://tewarid.github.io/2011/05/10/access-imap-server-from-the-command-line-using-openssl.html|Access IMAP Server] | |||
== Connect the Server== | |||
openssl s_client -crlf -connect imap.gmail.com:993 | |||
==Login== | |||
To login, issue the following command | |||
tag login user@gmail.com password | |||
tag before login command is some character sequence required to be used before each subsequent IMAP command. | |||
If that works you’ll see an output such as | |||
* CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE | |||
tag OK user@gmail.com User authenticated (Success) | |||
==List Mailboxes== | |||
Issue the following command | |||
tag LIST "" "*" | |||
This produce an output such as | |||
* LIST (\HasNoChildren) "/" "INBOX" | |||
* LIST (\HasNoChildren) "/" "Notes" | |||
* LIST (\Noselect \HasChildren) "/" "[Gmail]" | |||
* LIST (\HasNoChildren) "/" "[Gmail]/All Mail" | |||
* LIST (\HasNoChildren) "/" "[Gmail]/Drafts" | |||
* LIST (\HasNoChildren) "/" "[Gmail]/Sent Mail" | |||
* LIST (\HasNoChildren) "/" "[Gmail]/Spam" | |||
* LIST (\HasNoChildren) "/" "[Gmail]/Starred" | |||
* LIST (\HasChildren \HasNoChildren) "/" "[Gmail]/Trash" | |||
==Select a mailbox== | |||
Issue the following command to select the INBOX | |||
tag SELECT INBOX | |||
This produces an output such as | |||
* FLAGS (\Answered \Flagged \Draft \Deleted \Seen) | |||
* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)] | |||
* OK [UIDVALIDITY 2] | |||
* 6385 EXISTS | |||
* 0 RECENT | |||
* OK [UIDNEXT 29210] | |||
tag OK [READ-WRITE] INBOX selected. (Success) | |||
==Mailbox status== | |||
Execute the following command to get the total number of messages in the selected Mailbox | |||
tag STATUS INBOX (MESSAGES) | |||
The result is an output such as | |||
* STATUS "INBOX" (MESSAGES 6388) | |||
==Fetch headers of last ten messages== | |||
Execute the command | |||
tag FETCH 6378:6388 (BODY[HEADER]) | |||
==Fetch message body== | |||
Execute the following command | |||
tag FETCH 6388 (BODY) | |||
The number 6388 corresponds to the number of the last message above - the first message would be 1, and so on. | |||
Message bodies are usually multipart - you can retrieve a particular part using | |||
tag FETCH 6388 (BODY[n]) | |||
n is a zero-indexed part number. | |||
==Log out== | |||
Finally, to close the IMAP session | |||
tag LOGOUT |
Latest revision as of 09:17, 15 July 2020
Setup
create dir to store data
mkdir -p /var/lib/ssl/{private,keys,certs,newcerts,crl,requests}
echo 01 > /var/lib/ssl/serial touch /var/lib/ssl/index.txt
set directory
- put $dir = /var/lib/ssl/private/ in openssl.cnf
create root cert
openssl req -config /etc/openssl.cnf -new -x509 -keyout /var/lib/ssl/private/cakey.pem -out /var/lib/ssl/certs/cacert.pem
or to init the dir
./CA.pl -newcert
mv newkey.pem /var/lib/ssl/private/cakey.pem ; mv newcert.pem /var/lib/ssl/certs/cacert.pem
Strip the cert
First strip the certificate from all its text to keep only the -CERTIFICATE- section
openssl x509 -in /var/lib/ssl/certs/cacert.pem -out /var/lib/ssl/certs/cacert.crt
Requests
Create requests
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/wwwreq.pem -out /var/lib/ssl/requests/wwwreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/www-localreq.pem -out /var/lib/ssl/requests/www-localreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/smtpreq.pem \ -out /var/lib/ssl/requests/smtpreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/smtp-localreq.pem \ -out /var/lib/ssl/requests/smtp-localreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/mailreq.pem -out /var/lib/ssl/requests/mailreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/mail-localreq.pem -out /var/lib/ssl/requests/mail-localreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/vpnreq.pem -out /var/lib/ssl/requests/vpnreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/vpn-localreq.pem -out /var/lib/ssl/requests/vpn-localreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/maistor-localreq.pem -out /var/lib/ssl/requests/maistor-localreq.pem
Sign
openssl ca -config /etc/openssl.cnf -policy policy_anything \ -out /var/lib/ssl/certs/wwwcert.pem -infiles /var/lib/ssl/requests/wwwreq.pem openssl ca -config /etc/openssl.cnf -policy policy_anything \ -out /var/lib/ssl/certs/www-localcert.pem -infiles /var/lib/ssl/requests/www-localreq.pem openssl ca -config /etc/openssl.cnf -policy policy_anything \ -out /var/lib/ssl/certs/smtpcert.pem -infiles /var/lib/ssl/requests/smtpreq.pem openssl ca -config /etc/openssl.cnf -policy policy_anything \ -out /var/lib/ssl/certs/smtp-localcert.pem -infiles /var/lib/ssl/requests/smtp-localreq.pem openssl ca -config /etc/openssl.cnf -policy policy_anything \ -out /var/lib/ssl/certs/mailcert.pem -infiles /var/lib/ssl/requests/mailreq.pem openssl ca -config /etc/openssl.cnf -policy policy_anything -out /var/lib/ssl/certs/mail-localcert.pem -infiles /var/lib/ssl/requests/mail-localreq.pem openssl ca -config /etc/openssl.cnf -policy policy_anything \ -out /var/lib/ssl/certs/vpncert.pem -infiles /var/lib/ssl/requests/vpnreq.pem openssl ca -config /etc/openssl.cnf -policy policy_anything \ -out /var/lib/ssl/certs/vpn-localcert.pem -infiles /var/lib/ssl/requests/vpn-localreq.pem openssl ca -config /etc/openssl.cnf -policy policy_anything -out /var/lib/ssl/certs/maistor-localcert.pem -infiles /var/lib/ssl/requests/maistor-localreq.pem
Certificates
remove passwords
openssl rsa -in /var/lib/ssl/requests/wwwreq.pem -out /var/lib/ssl/keys/www.key openssl rsa -in /var/lib/ssl/requests/www-localreq.pem -out /var/lib/ssl/keys/www-local.key openssl rsa -in /var/lib/ssl/requests/smtpreq.pem -out /var/lib/ssl/keys/smtp.key openssl rsa -in /var/lib/ssl/requests/smtp-localreq.pem -out /var/lib/ssl/keys/smtp-local.key openssl rsa -in /var/lib/ssl/requests/mailreq.pem -out /var/lib/ssl/keys/mail.key openssl rsa -in /var/lib/ssl/requests/mail-localreq.pem -out /var/lib/ssl/keys/mail-local.key openssl rsa -in /var/lib/ssl/requests/vpnreq.pem -out /var/lib/ssl/keys/vpn.key openssl rsa -in /var/lib/ssl/requests/vpn-localreq.pem -out /var/lib/ssl/keys/vpn-local.key openssl rsa -in /var/lib/ssl/requests/maistor-localreq.pem -out /var/lib/ssl/keys/maistor-local.key
view content
openssl x509 -in www.crt -text
gen dh
openssl gendh -out /var/lib/ssl/keys/dh2048.key 2048
Access IMAP Server
Connect the Server
openssl s_client -crlf -connect imap.gmail.com:993
Login
To login, issue the following command
tag login user@gmail.com password
tag before login command is some character sequence required to be used before each subsequent IMAP command. If that works you’ll see an output such as
* CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE tag OK user@gmail.com User authenticated (Success)
List Mailboxes
Issue the following command
tag LIST "" "*"
This produce an output such as
* LIST (\HasNoChildren) "/" "INBOX" * LIST (\HasNoChildren) "/" "Notes" * LIST (\Noselect \HasChildren) "/" "[Gmail]" * LIST (\HasNoChildren) "/" "[Gmail]/All Mail" * LIST (\HasNoChildren) "/" "[Gmail]/Drafts" * LIST (\HasNoChildren) "/" "[Gmail]/Sent Mail" * LIST (\HasNoChildren) "/" "[Gmail]/Spam" * LIST (\HasNoChildren) "/" "[Gmail]/Starred" * LIST (\HasChildren \HasNoChildren) "/" "[Gmail]/Trash"
Select a mailbox
Issue the following command to select the INBOX
tag SELECT INBOX
This produces an output such as
* FLAGS (\Answered \Flagged \Draft \Deleted \Seen) * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)] * OK [UIDVALIDITY 2] * 6385 EXISTS * 0 RECENT * OK [UIDNEXT 29210] tag OK [READ-WRITE] INBOX selected. (Success)
Mailbox status
Execute the following command to get the total number of messages in the selected Mailbox
tag STATUS INBOX (MESSAGES)
The result is an output such as
* STATUS "INBOX" (MESSAGES 6388)
Fetch headers of last ten messages
Execute the command
tag FETCH 6378:6388 (BODY[HEADER])
Fetch message body
Execute the following command
tag FETCH 6388 (BODY)
The number 6388 corresponds to the number of the last message above - the first message would be 1, and so on.
Message bodies are usually multipart - you can retrieve a particular part using
tag FETCH 6388 (BODY[n])
n is a zero-indexed part number.
Log out
Finally, to close the IMAP session
tag LOGOUT