SSL short

From www.deloptes.org
Jump to navigation Jump to search

Setup

create dir to store data

   mkdir -p /var/lib/ssl/{private,keys,certs,newcerts,crl,requests}

echo 01 > /var/lib/ssl/serial touch /var/lib/ssl/index.txt

set directory

  • put $dir = /var/lib/ssl/private/ in openssl.cnf

create root cert

openssl req -config /etc/openssl.cnf -new -x509 -keyout /var/lib/ssl/private/cakey.pem -out /var/lib/ssl/certs/cacert.pem

or to init the dir

   ./CA.pl -newcert
   mv newkey.pem /var/lib/ssl/private/cakey.pem ; mv newcert.pem /var/lib/ssl/certs/cacert.pem

Strip the cert

First strip the certificate from all its text to keep only the -CERTIFICATE- section

   openssl x509 -in /var/lib/ssl/certs/cacert.pem -out /var/lib/ssl/certs/cacert.crt

Requests

Create requests

   openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/wwwreq.pem -out /var/lib/ssl/requests/wwwreq.pem
   openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/www-localreq.pem -out /var/lib/ssl/requests/www-localreq.pem 
   openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/smtpreq.pem \
               -out /var/lib/ssl/requests/smtpreq.pem 
   openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/smtp-localreq.pem \
               -out /var/lib/ssl/requests/smtp-localreq.pem 
   openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/mailreq.pem -out /var/lib/ssl/requests/mailreq.pem 
   openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/mail-localreq.pem -out /var/lib/ssl/requests/mail-localreq.pem 
   openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/vpnreq.pem -out /var/lib/ssl/requests/vpnreq.pem 
   openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/vpn-localreq.pem -out /var/lib/ssl/requests/vpn-localreq.pem 
   openssl req -config /etc/openssl.cnf -new -keyout /var/lib/ssl/requests/maistor-localreq.pem -out /var/lib/ssl/requests/maistor-localreq.pem 

Sign

  openssl ca -config /etc/openssl.cnf -policy policy_anything  \
               -out /var/lib/ssl/certs/wwwcert.pem -infiles /var/lib/ssl/requests/wwwreq.pem
  openssl ca -config /etc/openssl.cnf -policy policy_anything  \
               -out /var/lib/ssl/certs/www-localcert.pem -infiles /var/lib/ssl/requests/www-localreq.pem
  openssl ca -config /etc/openssl.cnf -policy policy_anything  \
               -out /var/lib/ssl/certs/smtpcert.pem -infiles /var/lib/ssl/requests/smtpreq.pem
  openssl ca -config /etc/openssl.cnf -policy policy_anything  \
               -out /var/lib/ssl/certs/smtp-localcert.pem -infiles /var/lib/ssl/requests/smtp-localreq.pem
  openssl ca -config /etc/openssl.cnf -policy policy_anything  \
               -out /var/lib/ssl/certs/mailcert.pem -infiles /var/lib/ssl/requests/mailreq.pem
  openssl ca -config /etc/openssl.cnf -policy policy_anything -out /var/lib/ssl/certs/mail-localcert.pem -infiles /var/lib/ssl/requests/mail-localreq.pem
  openssl ca -config /etc/openssl.cnf -policy policy_anything  \
               -out /var/lib/ssl/certs/vpncert.pem -infiles /var/lib/ssl/requests/vpnreq.pem
  openssl ca -config /etc/openssl.cnf -policy policy_anything  \
               -out /var/lib/ssl/certs/vpn-localcert.pem -infiles /var/lib/ssl/requests/vpn-localreq.pem
  openssl ca -config /etc/openssl.cnf -policy policy_anything  -out /var/lib/ssl/certs/maistor-localcert.pem -infiles /var/lib/ssl/requests/maistor-localreq.pem

Certificates

remove passwords

       openssl rsa  -in /var/lib/ssl/requests/wwwreq.pem 		-out /var/lib/ssl/keys/www.key
       openssl rsa  -in /var/lib/ssl/requests/www-localreq.pem	-out /var/lib/ssl/keys/www-local.key
         
       openssl rsa  -in /var/lib/ssl/requests/smtpreq.pem		-out /var/lib/ssl/keys/smtp.key
       openssl rsa  -in /var/lib/ssl/requests/smtp-localreq.pem -out /var/lib/ssl/keys/smtp-local.key
       
       openssl rsa  -in /var/lib/ssl/requests/mailreq.pem		-out /var/lib/ssl/keys/mail.key
       openssl rsa  -in /var/lib/ssl/requests/mail-localreq.pem -out /var/lib/ssl/keys/mail-local.key
 
       openssl rsa  -in /var/lib/ssl/requests/vpnreq.pem		-out /var/lib/ssl/keys/vpn.key
       openssl rsa  -in /var/lib/ssl/requests/vpn-localreq.pem -out /var/lib/ssl/keys/vpn-local.key
 
       openssl rsa  -in /var/lib/ssl/requests/maistor-localreq.pem -out /var/lib/ssl/keys/maistor-local.key

view content

       openssl x509 -in www.crt -text

gen dh

       openssl gendh -out /var/lib/ssl/keys/dh2048.key 2048

Access IMAP Server

IMAP Server

Connect the Server

       openssl s_client -crlf -connect imap.gmail.com:993

Login

To login, issue the following command

       tag login user@gmail.com password

tag before login command is some character sequence required to be used before each subsequent IMAP command. If that works you’ll see an output such as

       * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE
       tag OK user@gmail.com User authenticated (Success)

List Mailboxes

Issue the following command

       tag LIST "" "*"

This produce an output such as

       * LIST (\HasNoChildren) "/" "INBOX"
       * LIST (\HasNoChildren) "/" "Notes"
       * LIST (\Noselect \HasChildren) "/" "[Gmail]"
       * LIST (\HasNoChildren) "/" "[Gmail]/All Mail"
       * LIST (\HasNoChildren) "/" "[Gmail]/Drafts"
       * LIST (\HasNoChildren) "/" "[Gmail]/Sent Mail"
       * LIST (\HasNoChildren) "/" "[Gmail]/Spam"
       * LIST (\HasNoChildren) "/" "[Gmail]/Starred"
       * LIST (\HasChildren \HasNoChildren) "/" "[Gmail]/Trash"

Select a mailbox

Issue the following command to select the INBOX

       tag SELECT INBOX

This produces an output such as

       * FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
       * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)]
       * OK [UIDVALIDITY 2]
       * 6385 EXISTS
       * 0 RECENT
       * OK [UIDNEXT 29210]
       tag OK [READ-WRITE] INBOX selected. (Success)

Mailbox status

Execute the following command to get the total number of messages in the selected Mailbox

       tag STATUS INBOX (MESSAGES)

The result is an output such as

       * STATUS "INBOX" (MESSAGES 6388)

Fetch headers of last ten messages

Execute the command

       tag FETCH 6378:6388 (BODY[HEADER])

Fetch message body

Execute the following command

       tag FETCH 6388 (BODY)

The number 6388 corresponds to the number of the last message above - the first message would be 1, and so on.

Message bodies are usually multipart - you can retrieve a particular part using

       tag FETCH 6388 (BODY[n])

n is a zero-indexed part number.

Log out

Finally, to close the IMAP session

       tag LOGOUT