SSL

seq 10 | xargs -I@ -n1 curl -kso /dev/null -w "tcp:%{time_connect}, ssldone:%{time_appconnect}\n" https://wiki.sysop.cafe

domain=www.google.com; days=14; echo | openssl s_client -connect $domain:443 2>/dev/null | openssl x509 -noout -checkend $(($days * 24 * 60 * 60)) -enddate

http://prefetch.net/code/ssl-cert-check (local copy, probably outdated: https:wiki.sysop.cafe/resources/ssl-cert-check.txt) ===== Strong Ciphers ===== https://cipherl.ist/ ==== SSL/TLS scanning library ==== https://github.com/nabla-c0d3/sslyze ==== Generate self-signed cert without passphrase ==== <code> openssl req -x509 -newkey rsa:4096 -keyout privkey.pem -out fullchain.pem -days 365 -nodes </code> ==== Convert .crt and .key to .pfx ==== <code> openssl pkcs12 -export -out cert.pfx -inkey privkey.pem -in fullchain.pem openssl pkcs12 -info -in cert.pfx #to verify </code> ====== Convert .pfx to .crt and .key ====== <code> cert=foo_bar.pfx openssl pkcs12 -in $cert -clcerts -nokeys -out $(basename “$cert” .pfx).crt openssl pkcs12 -in $cert -nocerts -out $(basename “$cert” .pfx)-encrypted.key openssl rsa -in $(basename “$cert” .pfx)-encrypted.key -out $(basename “$cert” .pfx).key </code> ====== Cert enddate ====== <code> openssl s_client -connect www.example.com:443 < /dev/null 2>/dev/null | openssl x509 -noout -enddate </code>