- # a very nice technical guide to openssl user authentication with apache using certificates and smartcards
- # a very interesting overview with useful examples of commonly used openssl commands: http://resin.csoft.net/cgi-bin/man.cgi?sektion=1&topic=openssl
- # compute the crypt password as used by many unix systems:
# Prompts for a password and prints its hash. No algorithm option is given, so
# the scheme is whatever the installed OpenSSL defaults to; in older releases
# that is the traditional DES-based crypt(3), which only takes the first 8
# characters of the password into account. Releases that support them offer
# -5 / -6 (SHA-256 / SHA-512 crypt) for new hashes.
# Let the command prompt (or use -stdin) rather than putting the password on
# the command line, where it would show up in shell history and process lists.
openssl passwd
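- # generate and print a 2048-bit rsa key pair:
# (this recipe originally asked for 1024 bits, which is below what current
# guidance accepts for RSA; 2048 bits is the usual minimum for new keys)
# rsa.key.pair holds the private key unencrypted: keep the file readable by its
# owner only, or have genrsa encrypt it with a cipher option such as -aes256.
openssl genrsa -out rsa.key.pair 2048
# -text prints every key component, the private ones included, so avoid running
# this where the terminal output is logged or shared.
openssl rsa -in rsa.key.pair -text -noout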
- # convert a certificate from DER into PEM format:
# Re-encoding only: the certificate is read as DER and written back as PEM.
# Nothing in this step checks the signature or whether the issuer is trusted.
openssl x509 \
  -inform DER -in cert.der \
  -outform PEM -out cert.pem
- # verify the validity of a certificate using openssl, given a file
cacerts.txt which holds a concatenation of trusted ca certificates in PEM
format:
# cert1.pem and cert2.pem are each verified on their own against the CAs in
# cacerts.txt. Points to keep in mind when relying on the result:
# - "-purpose any" accepts a certificate whatever use it was issued for; name
#   a specific purpose (e.g. sslserver, sslclient) when the use is known.
# - revocation is not consulted unless CRL checking is requested (-crl_check)
#   and a CRL is supplied.
# - besides -CAfile, openssl verify also searches its default CA directory for
#   issuers unless told not to (-no-CApath, OpenSSL 1.1.0 and later).
openssl verify \
  -purpose any \
  -CAfile cacerts.txt \
  cert1.pem cert2.pem
- # having a look at the content of a certificate revocation list:
# Decode the DER-encoded CRL and page through its text form. This is display
# only: the CRL's signature is not checked unless issuer certificates are
# supplied (e.g. with -CAfile), so do not treat the listing as authenticated.
openssl crl -inform DER -in crl.der -noout -text | less
- # compiling a sample engine for openssl 0.9.7x:
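# Security notes for this build recipe:
# - all three downloads use plain HTTP and nothing checks them before they are
#   unpacked, patched and built. Compare each file with a checksum or signature
#   obtained from a trusted source before running tar, patch or make.
# - openssl 0.9.7d is long out of support; build it only as an isolated
#   exercise, never as a library that other software links against.
# The steps are chained with && so that a failed download or cd stops the run
# instead of letting the remaining commands act in the wrong directory.
TARGETDIR=~/openssl
mkdir -p "$TARGETDIR" &&
  cd "$TARGETDIR" &&
  wget http://www.openssl.org/source/openssl-0.9.7d.tar.gz &&
  wget http://sunsite.rediris.es/pub/rediris/cert/crypt/misc/rsaref2.tar.gz &&
  tar -xzvf openssl-0.9.7d.tar.gz &&
  cd openssl-0.9.7d/demos/engines &&
  tar -xzvf ../../../rsaref2.tar.gz &&
  mv rsaref2/* rsaref &&
  rmdir rsaref2 &&
  cd rsaref &&
  wget http://godot.studentenweb.org/patches/rsaref/patch.rsaref.makefile &&
  patch -p0 < patch.rsaref.makefile &&
  make gnu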
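# once the engine has been compiled, you can copy it into a directory where you keep your shared libraries, e.g.:
# (openssl runs the code in this library once the engine is loaded, so keep the
# directory writable by your own account only)
mkdir -p ~/lib
cp librsaref.so ~/lib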
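# you can now enjoy using your engine as follows:
# (the ENGINE interface is deprecated as of OpenSSL 3.0; md5 serves here only
# as a demo digest and should not be relied on where collision resistance
# matters)
openssl engine -vvvv dynamic \
  -pre "SO_PATH:$HOME/lib/librsaref.so" \
  -pre ID:rsaref -pre LIST_ADD:1 -pre LOAD -t -c
fortune > data.txt
openssl md5 -engine rsaref data.txt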
# note that it is important to specify the absolute path to the shared library...