Changes in 431c239: Updated compute/ssl-debug.md

				compute/ssl-debug.md
			
          @@ -2,34 +2,36 @@

           <!-- SUBTITLE: SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT? What the fuck does that mean? -->

           ### Read cert

          -$ echo | openssl s_client -host \<hostname> -port 443 | openssl x509 -noout -text

          +`$ echo | openssl s_client -host \<hostname> -port 443 | openssl x509 -noout -text`

           ### Read cert and check

          -$ echo | openssl s_client -servername \<hostname> -connect \<hostname>:443 -CAfile /etc/ssl/cert.pem | openssl x509 -noout -text

          +`$ echo | openssl s_client -servername \<hostname> -connect \<hostname>:443 -CAfile /etc/ssl/cert.pem | openssl x509 -noout -text`

           ### Dump cert chain

          -$ echo | openssl s_client -showcerts -servername \<hostname> -connect \<hostname>:443

          +`$ echo | openssl s_client -showcerts -servername \<hostname> -connect \<hostname>:443`

           ### Dump cert chain to individual files

          -$ echo | openssl s_client -showcerts -servername \<hostname> -connect \<hostname>:443 | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'  | awk 'BEGIN {i=0} /BEGIN CERT/{i++} { print > "cert" i ".pem"}'

          +`$ echo | openssl s_client -showcerts -servername \<hostname> -connect \<hostname>:443 | \

          +sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'  | \

          +awk 'BEGIN {i=0} /BEGIN CERT/{i++} { print > "cert" i ".pem"}'`

           ### Read CRL

          -$ openssl crl -inform {DER|PEM} -noout -text -in \<crl file>

          +`$ openssl crl -inform {DER|PEM} -noout -text -in \<crl file>`

           ### Test connection

          -$ echo | openssl s_client -servername \<hostname> -connect \<hostname>:443 -CAfile \<Root CA cert file>

          +`$ echo | openssl s_client -servername \<hostname> -connect \<hostname>:443 -CAfile \<Root CA cert file>`

           ### Convert DER to PEM

          -$ openssl x509 -inform DER -in cert.der -outform PEM -out cert.pem

          +`$ openssl x509 -inform DER -in cert.der -outform PEM -out cert.pem`

           ### Verify cert chain

          -$ openssl verify -CAfile /etc/ssl/cert.pem -untrusted intermediate.pem cert.pem

          +`$ openssl verify -CAfile /etc/ssl/cert.pem -untrusted intermediate.pem cert.pem`

           ### Exctract certs from pkcs12 file

          -$ openssl pkcs12 -in \<file.pfx> -nodes

          +`$ openssl pkcs12 -in \<file.pfx> -nodes`

           ### Extract keys from pkcs12 file

          -$ openssl pkcs12 -in \<file.pfx> -nocerts

          +`$ openssl pkcs12 -in \<file.pfx> -nocerts`

           ### Remove password from key PEM

          -$ openssl rsa -in \<protected.pem> -out \<unprotected.pem>

          \ No newline at end of file

          +`$ openssl rsa -in \<protected.pem> -out \<unprotected.pem>`

          \ No newline at end of file

...	...	@@ -2,34 +2,36 @@
2	2	<!-- SUBTITLE: SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT? What the fuck does that mean? -->
3	3
4	4	### Read cert
5		-$ echo \| openssl s_client -host \<hostname> -port 443 \| openssl x509 -noout -text
	5	+`$ echo \| openssl s_client -host \<hostname> -port 443 \| openssl x509 -noout -text`
6	6
7	7	### Read cert and check
8		-$ echo \| openssl s_client -servername \<hostname> -connect \<hostname>:443 -CAfile /etc/ssl/cert.pem \| openssl x509 -noout -text
	8	+`$ echo \| openssl s_client -servername \<hostname> -connect \<hostname>:443 -CAfile /etc/ssl/cert.pem \| openssl x509 -noout -text`
9	9
10	10	### Dump cert chain
11		-$ echo \| openssl s_client -showcerts -servername \<hostname> -connect \<hostname>:443
	11	+`$ echo \| openssl s_client -showcerts -servername \<hostname> -connect \<hostname>:443`
12	12
13	13	### Dump cert chain to individual files
14		-$ echo \| openssl s_client -showcerts -servername \<hostname> -connect \<hostname>:443 \| sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \| awk 'BEGIN {i=0} /BEGIN CERT/{i++} { print > "cert" i ".pem"}'
	14	+`$ echo \| openssl s_client -showcerts -servername \<hostname> -connect \<hostname>:443 \| \
	15	+sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \| \
	16	+awk 'BEGIN {i=0} /BEGIN CERT/{i++} { print > "cert" i ".pem"}'`
15	17
16	18	### Read CRL
17		-$ openssl crl -inform {DER\|PEM} -noout -text -in \<crl file>
	19	+`$ openssl crl -inform {DER\|PEM} -noout -text -in \<crl file>`
18	20
19	21	### Test connection
20		-$ echo \| openssl s_client -servername \<hostname> -connect \<hostname>:443 -CAfile \<Root CA cert file>
	22	+`$ echo \| openssl s_client -servername \<hostname> -connect \<hostname>:443 -CAfile \<Root CA cert file>`
21	23
22	24	### Convert DER to PEM
23		-$ openssl x509 -inform DER -in cert.der -outform PEM -out cert.pem
	25	+`$ openssl x509 -inform DER -in cert.der -outform PEM -out cert.pem`
24	26
25	27	### Verify cert chain
26		-$ openssl verify -CAfile /etc/ssl/cert.pem -untrusted intermediate.pem cert.pem
	28	+`$ openssl verify -CAfile /etc/ssl/cert.pem -untrusted intermediate.pem cert.pem`
27	29
28	30	### Exctract certs from pkcs12 file
29		-$ openssl pkcs12 -in \<file.pfx> -nodes
	31	+`$ openssl pkcs12 -in \<file.pfx> -nodes`
30	32
31	33	### Extract keys from pkcs12 file
32		-$ openssl pkcs12 -in \<file.pfx> -nocerts
	34	+`$ openssl pkcs12 -in \<file.pfx> -nocerts`
33	35
34	36	### Remove password from key PEM
35		-$ openssl rsa -in \<protected.pem> -out \<unprotected.pem>
...	...	\ No newline at end of file
	0	+`$ openssl rsa -in \<protected.pem> -out \<unprotected.pem>`
...	...	\ No newline at end of file