
OpenSSL


OpenSSL: The Open Source toolkit for SSL/TLS.

OpenSSL Command-Line HOWTO

Initial publication: June 13, 2004. Most recent revision: January 3, 2013.

The openssl application that ships with the OpenSSL libraries can perform a wide range of crypto operations. This HOWTO provides some cookbook-style recipes for using it.

The openssl command-line binary that ships with the OpenSSL libraries can perform a wide range of cryptographic operations. Documentation for using the openssl application is somewhat scattered, however, so this article aims to provide some practical examples of its use. Just to be clear, this article is strictly practical; it does not concern cryptographic theory and concepts. The nature of this article is that I’ll be adding new examples incrementally.

How do I find out what OpenSSL version I’m running?

Use the version option.

$ openssl version
OpenSSL 0.9.8b 04 May 2006

You can get much more information with the version -a option.

How do I get a list of the available commands?

How do I get a list of available ciphers?

Paul Heinlein | February 24, 2016

Running Name-Based SSL Virtual Hosts in Apache

By Rich Bowen, coauthor of Apache Cookbook
02/17/2005

Editor's note: After a winter hiatus, Rich Bowen is back with another column based on his conversations on the IRC channel #apache.

This week Rich tackles SSL virtual hosts--if you think it's not possible to run them in Apache, think again. Rich is a coauthor of O'Reilly's Apache Cookbook.

#apache is an IRC channel that runs on the irc.freenode.net IRC network. To join this channel, you need to install an IRC client (XChat, MIRC, and bitchx are popular clients) and enter the following commands:

/server irc.freenode.net
/join #apache

Day Ten

In this week's article, I might seem to contradict myself, so it's important that you read the whole piece.

Over the last few months, I've seen a big increase in questions regarding SSL and name-based virtual hosts (vhosts).

<DrBacchus> ssl vhosts
<fajita> When using SSL, each virtual host must have either its own IP address or its own port.

Figure 1.

There are two aspects to SSL. One final comment.

Documents, s_client(1)

s_client - SSL/TLS client program

openssl s_client [-connect host:port] [-verify depth] [-verify_return_error] [-cert filename] [-certform DER|PEM] [-key filename] [-keyform DER|PEM] [-pass arg] [-CApath directory] [-CAfile filename] [-reconnect] [-pause] [-showcerts] [-debug] [-msg] [-nbio_test] [-state] [-nbio] [-crlf] [-ign_eof] [-quiet] [-ssl2] [-ssl3] [-tls1] [-no_ssl2] [-no_ssl3] [-no_tls1] [-bugs] [-cipher cipherlist] [-starttls protocol] [-xmpphost hostname] [-engine id] [-tlsextdebug] [-no_ticket] [-sess_out filename] [-sess_in filename] [-rand file(s)] [-serverinfo types] [-auth] [-auth_require_reneg]

The s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It is a very useful diagnostic tool for SSL servers. In addition to the options below, the s_client utility also supports the common and client-only options documented in the SSL_CONF_cmd(3) manual page.

-connect host:port

Securing your SSH server

If you manage your own server, you necessarily have an SSH connection for accessing it remotely.

SSH is indispensable because, in addition to providing command-line access to your server, it lets you do without an FTP server entirely and upload your files over SFTP (SSH File Transfer Protocol). I'm no great guru of Linux administration, but I get by, so if you're interested, here is a short SSH tutorial for configuring your SSH server properly and securing it to a minimum. You'll see, it can go fairly quickly and save you a lot of trouble. All my tests were done on Ubuntu. Before doing any of this, open an additional SSH session that will let you correct your mistakes in case you lock yourself out of all access.

Basic config to change in the file /etc/ssh/sshd_config

That's already not bad... To connect on this new port, you must use the "p" parameter with ssh on Mac or ssh on Linux. And there you go!