
HTTP on the command line

OpenSSL s_client


Once connected using s_client -connect, type the HTTP request directly into the session to GET/PUT/POST data.

For example:

$ openssl s_client -connect host:port -cert client.pem -key clientkey.pem -CAfile cacerts.pem
Enter pass phrase for clientkey.pem: ********

[...]

PUT /api/rest/version/9/TPRGMPITEST/3DSecureId/12345678 HTTP/1.1
Host: [...]
User-Agent: [...]
Accept: application/json
Content-Type: application/json
Content-Length: 367
Connection: close

{"3DSecure":{ ... }}





This works for JSON data. If you need to POST an HTML form, set the Content-Type header to "application/x-www-form-urlencoded", for example:

POST /bin/login HTTP/1.1
Host: 127.0.0.1:8000
Accept: image/gif, image/jpeg, */*
Referer: http://127.0.0.1:8000/login.html
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Content-Length: 37
Connection: Keep-Alive
Cache-Control: no-cache
   
User=Peter+Lee&pw=123456&action=login



Other Options


For examples of using telnet to send raw HTTP commands:
http://wiki.apache.org/couchdb/CouchIn15Minutes
http://www.ntu.edu.sg/home/ehchua/programming/webprogramming/HTTP_Basics.html

Testing an SSL service with openssl

This example
  • opens an SSL connection to a host
  • sends a request
  • waits for the response

echo "request body" | openssl s_client -connect <host>:<port> -quiet


For example:

ttreitlinger@IRE1ttreitliL1 /usr/bin
$ echo "-rfgetVersion -dv19901 -tr98 -x" | openssl s_client -connect 192.168.17.128:4433 -quiet
depth=1 C = US, ST = Virgina, L = Reston, O = Transaction Network Services Inc., OU = Development, CN = TNS Internal Test CA
verify error:num=19:self signed certificate in certificate chain
verify return:0
ACK
-rfgetVersion -tr98 -rc30  -ms"CU:02.01.73 AU:02.00.65 TU:02.01.76 "  -x

ttreitlinger@IRE1ttreitliL1 /usr/bin
$
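
Added example, not part of the original posts: a script form of the two patterns above, the hand-typed HTTP request and the echo | openssl s_client -quiet pipe. It computes Content-Length from the body and makes s_client abort on a verification failure such as the verify error:num=19 shown above, where the session carried on regardless. Function names, the host and the CA file name are assumptions.

```shell
#!/bin/sh
# Added example; function names, host and file names are placeholders.

# Print an HTTP/1.1 request with CRLF line endings. Content-Length is
# computed from the body's byte count instead of being typed by hand.
build_http_request() {
    method=$1 target=$2 host=$3 ctype=$4 body=$5
    len=$(( $(printf '%s' "$body" | wc -c) ))   # wc -c counts bytes
    printf '%s %s HTTP/1.1\r\n' "$method" "$target"
    printf 'Host: %s\r\n' "$host"
    printf 'Content-Type: %s\r\n' "$ctype"
    printf 'Content-Length: %s\r\n' "$len"
    printf 'Connection: close\r\n\r\n'
    printf '%s' "$body"
}

# Send stdin to host:port over TLS and print the reply.
#   -CAfile + -verify_return_error : abort the handshake on a chain error
#   -verify_hostname               : certificate must match the DNS name
#                                    (use -verify_ip for an IP literal)
#   -quiet                         : no session dump, implies -ign_eof, so
#                                    s_client waits for the server's reply
# Extra arguments (e.g. -cert client.pem -key clientkey.pem) pass through.
send_over_tls() {
    host=$1 port=$2 cafile=$3
    shift 3
    openssl s_client -connect "$host:$port" -CAfile "$cafile" \
        -verify_return_error -verify_hostname "$host" -quiet "$@"
}

# Usage (host and CA file are placeholders):
#   build_http_request POST /bin/login api.example.test \
#       application/x-www-form-urlencoded \
#       'User=Peter+Lee&pw=123456&action=login' |
#     send_over_tls api.example.test 443 cacerts.pem
```

Typed interactively, without -quiet or -ign_eof, s_client treats a line beginning with R or Q as a renegotiate or quit command, which is one more reason to pipe the request in.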

OpenSSL Commands

A collection of useful OpenSSL commands

Assumes the following files:

privkey.pem - a private key
cert.pem - an X.509 certificate
certreq.csr - a certificate signing request

# Generate a new 2048-bit RSA key, encrypted with a passphrase (-des3)
openssl genrsa -des3 -out privkey.pem 2048

# Generate a new certificate request
openssl req -new -key privkey.pem -out certreq.csr

# ...using values from a config file
openssl req -new -key privkey.pem -config cert.config -out certreq.csr

# Check a Certificate Signing Request (CSR): print it and verify its signature
openssl req -text -noout -verify -in certreq.csr

# Check a certificate
openssl x509 -in cert.pem -text -noout


The cert.config file looks as follows:

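[ req ]
default_bits           = 2048
default_keyfile        = privkey.pem
distinguished_name     = req_distinguished_name
# keyUsage and extendedKeyUsage are X.509v3 extensions, so they are
# requested through req_extensions rather than through CSR attributes
req_extensions         = req_ext
prompt                 = no

[ req_distinguished_name ]
C                      = US
ST                     = Tennessee
L                      = Chattanooga
O                      = My Organisations Name
OU                     = Department Name
CN                     = My Name
emailAddress           = info@company.com

[ req_ext ]
# clientAuth is an extendedKeyUsage value, not a keyUsage one;
# digitalSignature is the keyUsage bit used for TLS client authentication
keyUsage               = critical,digitalSignature
extendedKeyUsage       = clientAuth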