====== SSL ======
===== Performance =====
<code>
seq 10 | xargs -I@ curl -kso /dev/null -w "tcp:%{time_connect}, ssldone:%{time_appconnect}\n" https://wiki.sysop.cafe
</code>
===== Check certificate expiration date =====
<code>
domain=www.google.com; days=14; echo | openssl s_client -connect $domain:443 2>/dev/null | openssl x509 -noout -checkend $(($days * 24 * 60 * 60)) -enddate
</code>
===== SSL check script =====
http://prefetch.net/code/ssl-cert-check (local copy, probably outdated: https://wiki.sysop.cafe/resources/ssl-cert-check.txt)
===== Strong Ciphers =====
https://cipherl.ist/
==== SSL/TLS scanning library ====
https://github.com/nabla-c0d3/sslyze
==== Generate self-signed cert without passphrase ====
<code>
openssl req -x509 -newkey rsa:4096 -keyout privkey.pem -out fullchain.pem -days 365 -nodes
</code>
==== Convert .crt and .key to .pfx ====
<code>
openssl pkcs12 -export -out cert.pfx -inkey privkey.pem -in fullchain.pem
openssl pkcs12 -info -in cert.pfx #to verify
</code>
====== Convert .pfx to .crt and .key ======
<code>
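cert=foo_bar.pfx
# extract the leaf certificate only
openssl pkcs12 -in "$cert" -clcerts -nokeys -out "$(basename "$cert" .pfx).crt"
# extract the private key, still passphrase-protected
openssl pkcs12 -in "$cert" -nocerts -out "$(basename "$cert" .pfx)-encrypted.key"
# strip the passphrase; the resulting .key file is unencrypted
openssl rsa -in "$(basename "$cert" .pfx)-encrypted.key" -out "$(basename "$cert" .pfx).key"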
</code>
====== Cert enddate ======
<code>
openssl s_client -connect www.example.com:443 < /dev/null 2>/dev/null | openssl x509 -noout -enddate
</code>
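
The ''-checkend'' one-liner above exits 1 both when the certificate expires within the window and when ''s_client'' returned nothing to parse, so a monitoring job cannot tell the two apart. The following is an added example, not part of the original page: the function names, the ''expiry-test.invalid'' CN and the 2048-bit throwaway key are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: separate "cannot read certificate" from "expires soon".

# cert_status PEM_FILE DAYS
#   returns 0 = valid for more than DAYS days
#           1 = expires within DAYS days (or has already expired)
#           2 = file is missing, empty, or not a parseable certificate
cert_status() {
    local pem=$1 days=$2
    # Parse first: a failed s_client handshake yields empty input, which
    # "x509 -checkend" on its own would also report as exit status 1.
    openssl x509 -in "$pem" -noout 2>/dev/null || return 2
    if openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# fetch_cert HOST [PORT] > file
# Same s_client call as the one-liners on this page, plus -servername so
# that SNI-based virtual hosts return the certificate for HOST.
fetch_cert() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null
}

# make_test_cert OUT_PEM VALID_DAYS
# Constructed sample input: a self-signed certificate with a throwaway key,
# so cert_status can be exercised offline.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -days "$2" -subj "/CN=expiry-test.invalid" 2>/dev/null
    rm -f "$1.key"
}

# Live use:
#   fetch_cert www.example.com > /tmp/c.pem; cert_status /tmp/c.pem 14; echo $?
```
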