Show Certificate info
Show versions
nmap --script ssl-enum-ciphers -p 443 technotes.adelerhof.eu | grep -E "TLSv|SSLv"
Show CSR
openssl req -noout -modulus -text -in blaataap.csr
Show CRT
openssl x509 -in blaataap.crt -text -noout
Check enddate certificate
openssl x509 -noout -enddate -in /etc/httpd/conf/ssl.crt/blaataap.pem
curl --insecure -v https://technotes.adelerhof.eu 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=*.adelerhof.eu
* start date: Nov 11 20:17:05 2019 GMT
* expire date: Feb 09 20:17:05 2020 GMT
* common name: *.adelerhof.eu
* issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
* Connection #0 to host technotes.adelerhof.eu left intact
Check issuer certificate
openssl x509 -noout -subject -issuer -in /etc/httpd/conf/ssl.crt/blaataap.pem
Check for expiration
openssl x509 -enddate -noout -in file.pem # prints something like 'notAfter=Nov 3 22:23:50 2014 GMT'
openssl x509 -checkend 86400 -noout -in file.pem # gives exitcode 0 if not expired
Testing SSL webserver
openssl s_client -connect technotes.adelerhof.eu:443
Check for expiration
curl --insecure -v https://technotes.adelerhof.eu 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=*.adelerhof.eu
* start date: Nov 11 20:17:05 2019 GMT
* expire date: Feb 09 20:17:05 2020 GMT
* common name: *.adelerhof.eu
* issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
* Connection #0 to host technotes.adelerhof.eu left intact
Show CRT from running website
echo | openssl s_client -showcerts -servername technotes.adelerhof.eu -connect technotes.adelerhof.eu:443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:8e:ec:56:dc:2c:21:59:b5:c0:ce:dc:b5:f5:81:92:92:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Validity
Not Before: Nov 11 20:17:05 2019 GMT
Not After : Feb 9 20:17:05 2020 GMT
Subject: CN=*.adelerhof.eu
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b0:46:e1:cc:7c:23:41:f2:e7:82:20:af:64:79:
35:fe:59:a3:a9:1e:69:ac:51:aa:98:0c:77:0a:6c:
b5:ae:19:65:fa:67:ba:b1:04:71:02:f9:0a:3a:52:
6c:68:27:40:c0:94:62:f1:5d:1f:60:74:3f:d8:7b:
f5:6d:3f:f2:20:41:dc:85:36:6e:ec:55:a8:6a:16:
d5:37:9d:ac:0f:77:78:dc:93:22:b3:20:8a:bb:75:
9a:e4:0b:d4:d4:fb:5d:e8:b9:5a:0f:41:57:86:68:
c6:af:5d:d7:1a:b9:a1:31:7b:9c:62:46:28:d5:b7:
6a:b0:21:b7:b0:55:df:26:db:04:50:c5:07:b8:0a:
73:80:a8:62:7b:21:c1:3e:9a:33:8e:20:93:39:9f:
e6:f3:86:eb:01:a1:d0:1f:4b:46:47:61:18:aa:da:
5d:84:82:fd:de:04:5e:51:a1:ad:4d:6b:9e:e2:11:
9b:ee:54:ef:d4:c5:ab:30:fc:55:25:6c:f4:86:89:
6c:a8:a3:af:b8:7f:4b:3d:e6:3d:0c:9d:72:96:ec:
b4:54:74:f0:28:36:23:5b:16:54:c0:65:11:0f:09:
ba:b1:73:4a:2d:df:80:97:9c:3c:e2:44:dd:ad:d4:
52:ac:6a:da:9c:2d:5c:41:6e:2e:1f:8c:5c:00:57:
ee:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
8B:85:6D:92:F1:34:63:0F:D7:8B:CB:19:26:A3:D8:4F:A5:F0:88:C5
X509v3 Authority Key Identifier:
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
Authority Information Access:
OCSP - URI:http://ocsp.int-x3.letsencrypt.org
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
X509v3 Subject Alternative Name:
DNS:*.adelerhof.eu
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1(0)
Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
Timestamp : Nov 11 21:17:05.106 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:48:DE:09:E7:F2:BB:42:DE:52:47:D7:37:
29:A2:BE:15:EF:C8:36:63:25:77:3D:90:15:C0:4A:B6:
83:40:66:53:02:20:78:77:EC:8D:4E:B3:AE:76:95:7B:
BF:AA:CE:7C:3A:F3:14:85:F5:E2:C7:83:98:91:0B:A6:
98:6E:64:02:90:11
Signed Certificate Timestamp:
Version : v1(0)
Log ID : 07:B7:5C:1B:E5:7D:68:FF:F1:B0:C6:1D:23:15:C7:BA:
E6:57:7C:57:94:B7:6A:EE:BC:61:3A:1A:69:D3:A2:1C
Timestamp : Nov 11 21:17:05.111 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:1D:F8:EF:BC:02:B0:A0:9A:5A:6B:43:00:
1C:1F:1D:16:5F:26:DF:08:AD:13:FA:B2:E1:64:AD:48:
74:38:07:88:02:20:25:70:9D:09:BC:B2:38:D4:A1:40:
67:BE:2E:CA:FD:10:1D:3D:B3:D0:E4:42:1E:C7:09:E9:
13:51:A3:78:E3:14
Signature Algorithm: sha256WithRSAEncryption
0c:03:aa:87:df:a7:a6:6b:16:f3:e6:44:cd:af:92:0f:03:16:
cd:9c:fb:3f:da:77:1a:ec:dc:73:32:6d:64:0e:bd:f0:ef:45:
bd:fe:8f:03:45:3f:48:b6:66:5c:d6:a6:5c:83:ae:5a:ad:cd:
ec:de:fe:13:11:44:cf:51:24:98:7f:60:86:1c:e4:d9:ba:eb:
80:6c:22:10:83:64:c4:31:28:ce:cb:c6:37:60:cb:fb:df:a3:
74:1a:38:93:5e:6d:98:ad:7e:67:e0:d3:15:33:f9:69:69:6f:
d7:66:e9:3f:f5:5c:d8:48:0a:94:71:39:8f:d2:6d:1c:bc:bc:
30:36:e1:22:b2:86:1a:ea:eb:08:60:4b:3e:e1:63:48:72:17:
ff:4a:3a:f3:61:2f:82:2c:53:3d:fb:48:a2:80:d7:35:8f:32:
42:ec:2c:6d:9e:5d:87:93:f7:65:e3:db:9a:62:23:20:38:27:
c1:3e:02:f1:4c:67:b5:dd:87:08:63:36:21:5a:5c:e7:30:c4:
1d:30:7b:ae:18:f3:78:66:3b:b8:f0:08:ee:0d:d4:cd:83:8f:
cc:09:92:5f:d9:37:27:d7:fc:98:9a:85:90:c1:05:d1:0f:1f:
e4:1b:10:90:03:57:bd:6a:58:79:fd:01:30:1f:00:18:43:c4:
fb:9e:23:a8