28 Jan 2010

The openssl command

OpenSSL Command-Line HOWTO: this link gives good examples of how to use the openssl command.

Examples:
# list all available ciphers
openssl ciphers -v

# Use the verify option to verify certificates.
openssl verify cert.pem

# Connecting to a secure SMTP server
# port 25/TLS; use same syntax for port 587
openssl s_client -connect remote.host:25 -starttls smtp

# port 465/SSL
openssl s_client -connect remote.host:465
# RFC821 suggests (although it falls short of explicitly specifying) the two characters “<CRLF>” as line-terminator. Most mail agents do not care about this and
# accept either “<LF>” or “<CRLF>” as line-terminators, but Qmail does not. If you want to comply to the letter with RFC821 and/or communicate with Qmail, use also the -crlf option:
openssl s_client -connect remote.host:25 -crlf -starttls smtp
# Connecting to a different type of SSL-enabled server is essentially the same operation as outlined above. As of the date of this writing, openssl only supports command-line
# TLS with SMTP servers, so you have to use straightforward SSL connections with any other protocol.
# https: HTTP over SSL
openssl s_client -connect remote.host:443

# ldaps: LDAP over SSL
openssl s_client -connect remote.host:636

# imaps: IMAP over SSL
openssl s_client -connect remote.host:993

# pop3s: POP-3 over SSL
openssl s_client -connect remote.host:995
# The s_server option allows you to set up an SSL-enabled server from the command line, but I wouldn’t recommend using it for anything other than
# testing or debugging. If you need a production-quality wrapper around an otherwise insecure server, check out Stunnel instead.
# The s_server option works best when you have a certificate; it’s fairly limited without one.
# the -www option will send back an HTML-formatted status page
# to any HTTP clients that request a page
openssl s_server -cert mycert.pem -www

# the -WWW option "emulates a simple web server. Pages will be
# resolved relative to the current directory." This example
# is listening on the https port, rather than the default
# port 4433
openssl s_server -accept 443 -cert mycert.pem -WWW
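
The certificate handling that the verify and s_server commands above depend on, as an added example (not from the original post or the HOWTO). It assumes an openssl binary on the PATH; the file names, CN=localhost and the port 4433 default are choices made for this example.

```shell
#!/bin/sh
# Added example: throwaway certificate for s_server testing.
# File names, CN=localhost and the default port are assumptions.

# Create a private key and a self-signed certificate, then combine them
# into mycert.pem so "s_server -cert mycert.pem" finds both in one file.
make_test_cert() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=localhost" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    cat "$dir/key.pem" "$dir/cert.pem" > "$dir/mycert.pem"
    chmod 600 "$dir/key.pem" "$dir/mycert.pem"
}

# Plain "openssl verify" checks against the system trust store, so a
# self-signed test certificate is reported as error 18.
verify_default() {
    openssl verify "$1" 2>&1
}

# Trusting the certificate explicitly with -CAfile makes the check pass.
verify_pinned() {
    openssl verify -CAfile "$1" "$1" 2>&1
}

# Start s_server -www on localhost, connect with s_client while trusting
# only the test certificate, and print s_client's verification result.
probe_local_server() {
    dir=$1
    port=${2:-4433}
    openssl s_server -accept "$port" -cert "$dir/mycert.pem" -www \
        >/dev/null 2>&1 &
    srv=$!
    sleep 1
    out=$(openssl s_client -connect "127.0.0.1:$port" \
        -CAfile "$dir/cert.pem" </dev/null 2>/dev/null)
    kill "$srv" 2>/dev/null
    printf '%s\n' "$out" | grep 'Verify return code'
}

# Usage:
#   d=$(mktemp -d); make_test_cert "$d"
#   verify_default "$d/cert.pem"; verify_pinned "$d/cert.pem"
#   probe_local_server "$d"; rm -rf "$d"
```

The key is written unencrypted (-nodes) and the certificate lasts one day, which suits the testing and debugging use that s_server is recommended for above and nothing else.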
