Checking for errors
# openssl s_client -connect lobo99.com:4443 -prexit
CONNECTED(00000003)
depth=0 /C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
verify return:1
---
Certificate chain
 0 s:/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
   i:/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
---
Server certificate
subject=/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
issuer=/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
---
No client certificate CA names sent
---
SSL handshake has read 1134 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 259139CDC82A2074ABAF3B686B49A1514999E91C1ECEFFF67D4A0ED81D4EDEAF
    Session-ID-ctx:
    Master-Key: 16080FCCE327191EEF97BF191992CD282FDD9685C40E7ADA15C7A3A3A844252195414690BA49C48D9EFCEB45D7AD8EA1
    Key-Arg   : None
    Start Time: 1384450622
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
Then we make the request:
GET /cert
depth=0 /C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
verify return:1
7445:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1108:SSL alert number 40
7445:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:1012:
---
Certificate chain
 0 s:/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
   i:/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
---
Server certificate
subject=/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
issuer=/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
---
Acceptable client certificate CA names
/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
---
SSL handshake has read 2540 bytes and written 292 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: FE7F31365F592A612576D234792FBE3C2A80FBD17758069CE2E87A02B3A2CFFF
    Session-ID-ctx:
    Master-Key: 17477130AB689266F3E38E052D295C6506043FADCFF9DFDB658F41B43A2FF094EB036B988FC8FFA5D3E450DF5C43D031
    Key-Arg   : None
    Start Time: 1384450654
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
You can see the accepted certificates:
Acceptable client certificate CA names
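An added example, not part of the original wiki page: a small Python parser that separates the two things the `s_client` output above reports, the self-signed server certificate warning (code 18) and the client-certificate request that ends in alert 40. The function names `diagnose` and `likely_cause` are hypothetical, and the sample is a constructed abridgement of the second run.

```python
import re

# Constructed sample: abridged from the second s_client run on this page
# (certificate body and session details left out).
SAMPLE = """\
verify error:num=18:self signed certificate
7445:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1108:SSL alert number 40
---
Acceptable client certificate CA names
/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
---
SSL handshake has read 2540 bytes and written 292 bytes
---
    Verify return code: 18 (self signed certificate)
---
"""

def diagnose(output):
    """Pull the client-certificate-relevant facts out of s_client output."""
    report = {"verify_code": None, "alerts": [], "client_cas": []}
    in_ca_list = False
    for raw in output.splitlines():
        line = raw.strip()
        if line == "Acceptable client certificate CA names":
            in_ca_list = True           # server sent a CertificateRequest
        elif in_ca_list:
            if line.startswith("---"):  # assumption: list ends at the next "---"
                in_ca_list = False
            elif line:
                report["client_cas"].append(line)
        elif m := re.search(r"SSL alert number (\d+)", line):
            report["alerts"].append(int(m.group(1)))
        elif m := re.match(r"Verify return code: (\d+)", line):
            report["verify_code"] = int(m.group(1))
    return report

def likely_cause(report):
    """Separate the server-certificate warning from the client-auth failure."""
    notes = []
    if report["verify_code"] == 18:
        notes.append("server certificate is self-signed (client-side warning only)")
    if 40 in report["alerts"] and report["client_cas"]:
        notes.append("server requested a client certificate issued by: "
                     + "; ".join(report["client_cas"])
                     + " and aborted with handshake_failure")
    return notes

if __name__ == "__main__":
    for note in likely_cause(diagnose(SAMPLE)):
        print(note)
```
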
informatica/linux/apache2/certificados.1384450707.txt.gz · Last modified: 2015/04/13 20:19 (external edit)