SSL short
Setup
create dir to store data
mkdir -p /var/lib/ssl/{private,keys,certs,newcerts,crl,requests}
echo 01 > /var/lib/ssl/serial
touch /var/lib/ssl/index.txt
set directory
- put $dir = /var/lib/ssl/private/ in openssl.cnf
create root cert
openssl req -config /etc/openssl.cnf -new -x509 -keyout /var/lib/ssl/private/cakey.pem -out /var/lib/ssl/certs/cacert.pem
or to init the dir
./CA.pl -newcert
mv newkey.pem /var/lib/ssl/private/cakey.pem ; mv newcert.pem /var/lib/ssl/certs/cacert.pem
Strip the cert
First strip all the text from the certificate, keeping only the -CERTIFICATE- section
openssl x509 -in /var/lib/ssl/certs/cacert.pem -out /var/lib/ssl/certs/cacert.crt
Requests
Create requests
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/wwwreq.pem -out /var/lib/ssl/requests/wwwreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/www-localreq.pem -out /var/lib/ssl/requests/www-localreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/smtpreq.pem -out /var/lib/ssl/requests/smtpreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/smtp-localreq.pem -out /var/lib/ssl/requests/smtp-localreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/mailreq.pem -out /var/lib/ssl/requests/mailreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/mail-localreq.pem -out /var/lib/ssl/requests/mail-localreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/vpnreq.pem -out /var/lib/ssl/requests/vpnreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/vpn-localreq.pem -out /var/lib/ssl/requests/vpn-localreq.pem
openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/maistor-localreq.pem -out /var/lib/ssl/requests/maistor-localreq.pem
Sign
openssl ca -config /etc/openssl.cnf -policy policy_anything -out /var/lib/ssl/certs/wwwcert.pem -infiles /var/lib/ssl/requests/wwwreq.pem
openssl ca -config /etc/openssl.cnf -policy policy_anything -out /var/lib/ssl/certs/www-localcert.pem -infiles /var/lib/ssl/requests/www-localreq.pem
openssl ca -config /etc/openssl.cnf -policy policy_anything -out /var/lib/ssl/certs/smtpcert.pem -infiles /var/lib/ssl/requests/smtpreq.pem
openssl ca -config /etc/openssl.cnf -policy policy_anything -out /var/lib/ssl/certs/smtp-localcert.pem -infiles /var/lib/ssl/requests/smtp-localreq.pem
openssl ca -config /etc/openssl.cnf -policy policy_anything -out /var/lib/ssl/certs/mailcert.pem -infiles /var/lib/ssl/requests/mailreq.pem
openssl ca -config /etc/openssl.cnf -policy policy_anything -out /var/lib/ssl/certs/mail-localcert.pem -infiles /var/lib/ssl/requests/mail-localreq.pem
openssl ca -config /etc/openssl.cnf -policy policy_anything -out /var/lib/ssl/certs/vpncert.pem -infiles /var/lib/ssl/requests/vpnreq.pem
openssl ca -config /etc/openssl.cnf -policy policy_anything -out /var/lib/ssl/certs/vpn-localcert.pem -infiles /var/lib/ssl/requests/vpn-localreq.pem
openssl ca -config /etc/openssl.cnf -policy policy_anything -out /var/lib/ssl/certs/maistor-localcert.pem -infiles /var/lib/ssl/requests/maistor-localreq.pem
Certificates
remove passwords
openssl rsa -in /var/lib/ssl/requests/wwwreq.pem -out /var/lib/ssl/keys/www.key
openssl rsa -in /var/lib/ssl/requests/www-localreq.pem -out /var/lib/ssl/keys/www-local.key
openssl rsa -in /var/lib/ssl/requests/smtpreq.pem -out /var/lib/ssl/keys/smtp.key
openssl rsa -in /var/lib/ssl/requests/smtp-localreq.pem -out /var/lib/ssl/keys/smtp-local.key
openssl rsa -in /var/lib/ssl/requests/mailreq.pem -out /var/lib/ssl/keys/mail.key
openssl rsa -in /var/lib/ssl/requests/mail-localreq.pem -out /var/lib/ssl/keys/mail-local.key
openssl rsa -in /var/lib/ssl/requests/vpnreq.pem -out /var/lib/ssl/keys/vpn.key
openssl rsa -in /var/lib/ssl/requests/vpn-localreq.pem -out /var/lib/ssl/keys/vpn-local.key
openssl rsa -in /var/lib/ssl/requests/maistor-localreq.pem -out /var/lib/ssl/keys/maistor-local.key
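Added example (not part of the original notes): the create, sign and remove-password steps above, run once in a throwaway directory, followed by the checks worth making before a passphrase-free key is deployed. The function names, the minimal openssl.cnf, the separate wwwkey.pem file, the CN values and the passphrase "demo" are assumptions made for the demo.

```sh
# Added example: issue one certificate in a throwaway copy of the layout above,
# then check it. Directory, CN values and passphrase "demo" are constructed.
# check_issued CA_CERT CERT KEY: prints each failed check, returns 0 if none.
check_issued() {
    rc=0
    # 1. The certificate must chain to the CA.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || { echo "FAIL chain"; rc=1; }
    # 2. The key must belong to the certificate: compare public-key digests.
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$3" -pubout -passin pass: 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "FAIL key/cert mismatch"; rc=1; }
    # 3. An unencrypted key must not be accessible to group or others.
    [ "$(ls -l "$3" | cut -c5-10)" = "------" ] || { echo "FAIL key permissions"; rc=1; }
    return $rc
}

# demo_issue DIR: create the CA layout in DIR, sign one request, strip the passphrase.
demo_issue() {
    d=$1
    for s in private keys certs newcerts crl requests; do mkdir -p "$d/$s"; done
    echo 01 > "$d/serial"; : > "$d/index.txt"
    cat > "$d/openssl.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $d/index.txt
serial = $d/serial
new_certs_dir = $d/newcerts
certificate = $d/certs/cacert.pem
private_key = $d/private/cakey.pem
default_md = sha256
[ policy_anything ]
commonName = supplied
EOF
    ( umask 077   # key files are created 0600
      openssl req -config "$d/openssl.cnf" -new -x509 -nodes -newkey rsa:2048 \
          -subj "/CN=Demo CA" -keyout "$d/private/cakey.pem" -out "$d/certs/cacert.pem" &&
      openssl req -config "$d/openssl.cnf" -new -newkey rsa:2048 -passout pass:demo \
          -subj "/CN=www.example.test" -keyout "$d/requests/wwwkey.pem" -out "$d/requests/wwwreq.pem" &&
      openssl ca -config "$d/openssl.cnf" -batch -notext -days 30 -policy policy_anything \
          -out "$d/certs/wwwcert.pem" -infiles "$d/requests/wwwreq.pem" &&
      openssl rsa -in "$d/requests/wwwkey.pem" -passin pass:demo -out "$d/keys/www.key"
    ) >/dev/null 2>&1
}
```

To run the checks against the real tree, call check_issued with /var/lib/ssl/certs/cacert.pem, the signed certificate and the matching file under /var/lib/ssl/keys.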
view content
openssl x509 -in www.crt -text
gen dh
openssl dhparam -out /var/lib/ssl/keys/dh2048.key 2048
Access IMAP Server
Connect the Server
openssl s_client -crlf -connect imap.gmail.com:993
Login
To login, issue the following command
tag login user@gmail.com password
The tag before the login command is an arbitrary character sequence that must precede each subsequent IMAP command. If the login works you'll see output such as
* CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE
tag OK user@gmail.com User authenticated (Success)
List Mailboxes
Issue the following command
tag LIST "" "*"
This produces an output such as
* LIST (\HasNoChildren) "/" "INBOX"
* LIST (\HasNoChildren) "/" "Notes"
* LIST (\Noselect \HasChildren) "/" "[Gmail]"
* LIST (\HasNoChildren) "/" "[Gmail]/All Mail"
* LIST (\HasNoChildren) "/" "[Gmail]/Drafts"
* LIST (\HasNoChildren) "/" "[Gmail]/Sent Mail"
* LIST (\HasNoChildren) "/" "[Gmail]/Spam"
* LIST (\HasNoChildren) "/" "[Gmail]/Starred"
* LIST (\HasChildren \HasNoChildren) "/" "[Gmail]/Trash"
Select a mailbox
Issue the following command to select the INBOX
tag SELECT INBOX
This produces an output such as
* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)]
* OK [UIDVALIDITY 2]
* 6385 EXISTS
* 0 RECENT
* OK [UIDNEXT 29210]
tag OK [READ-WRITE] INBOX selected. (Success)
Mailbox status
Execute the following command to get the total number of messages in the selected Mailbox
tag STATUS INBOX (MESSAGES)
The result is an output such as
* STATUS "INBOX" (MESSAGES 6388)
Fetch headers of last ten messages
Execute the command
tag FETCH 6378:6388 (BODY[HEADER])
Fetch message body
Execute the following command
tag FETCH 6388 (BODY)
The number 6388 corresponds to the number of the last message above - the first message would be 1, and so on.
Message bodies are usually multipart - you can retrieve a particular part using
tag FETCH 6388 (BODY[n])
n is a zero-indexed part number.
Log out
Finally, to close the IMAP session
tag LOGOUT