informatica:linux:apache2:certificados


Checking for errors

# openssl s_client -connect lobo99.com:4443 -prexit
CONNECTED(00000003)
depth=0 /C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
verify return:1
---
Certificate chain
 0 s:/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
   i:/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
---
Server certificate
subject=/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
issuer=/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
---
No client certificate CA names sent
---
SSL handshake has read 1134 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 259139CDC82A2074ABAF3B686B49A1514999E91C1ECEFFF67D4A0ED81D4EDEAF
    Session-ID-ctx: 
    Master-Key: 16080FCCE327191EEF97BF191992CD282FDD9685C40E7ADA15C7A3A3A844252195414690BA49C48D9EFCEB45D7AD8EA1
    Key-Arg   : None
    Start Time: 1384450622
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

Then we make the request:

GET /cert 
depth=0 /C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
verify return:1
7445:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1108:SSL alert number 40
7445:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:1012:
---
Certificate chain
 0 s:/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
   i:/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
---
Server certificate
subject=/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
issuer=/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
---
Acceptable client certificate CA names
/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
---
SSL handshake has read 2540 bytes and written 292 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: FE7F31365F592A612576D234792FBE3C2A80FBD17758069CE2E87A02B3A2CFFF
    Session-ID-ctx: 
    Master-Key: 17477130AB689266F3E38E052D295C6506043FADCFF9DFDB658F41B43A2FF094EB036B988FC8FFA5D3E450DF5C43D031
    Key-Arg   : None
    Start Time: 1384450654
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

The accepted certificates can be seen:

Acceptable client certificate CA names
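
An added example (not part of the original wiki page): shell helpers that read saved `openssl s_client` output like the transcripts above and extract the fields to check when a client-certificate handshake fails, namely the advertised client CA names, the verify return code and any TLS alert number. The function names and the trimmed sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise saved `openssl s_client` output (reads stdin).
# Function names are illustrative, not from the wiki page or from OpenSSL.

# DNs listed under "Acceptable client certificate CA names".
client_ca_names() {
    awk '
        /^Acceptable client certificate CA names/ { grab = 1; next }
        # The list ends at the "---" separator; newer OpenSSL builds may
        # print "Key: value" lines (e.g. certificate types) before it.
        /^---/ || /^[A-Z][A-Za-z ]*: / { grab = 0 }
        grab && NF { print }
    '
}

# Numeric code from the last "Verify return code: N (...)" line.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | tail -n 1
}

# TLS alert numbers reported in OpenSSL error lines, one per line.
alert_numbers() {
    sed -n 's/.*SSL alert number \([0-9][0-9]*\).*/\1/p'
}

# Succeeds if the issuer DN in $1 is among the CAs the server advertised.
issuer_accepted() {
    client_ca_names | grep -Fxq -- "$1"
}

# Constructed sample: lines trimmed from the second transcript on this page.
SAMPLE=$(cat <<'EOF'
verify error:num=18:self signed certificate
7445:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1108:SSL alert number 40
---
Acceptable client certificate CA names
/C=ES/ST=Barcelona/L=Mataro/O=lobo99.com/CN=lobo99.com
---
    Verify return code: 18 (self signed certificate)
---
EOF
)

printf 'client CAs : %s\n' "$(printf '%s\n' "$SAMPLE" | client_ca_names)"
printf 'verify code: %s\n' "$(printf '%s\n' "$SAMPLE" | verify_code)"
printf 'TLS alerts : %s\n' "$(printf '%s\n' "$SAMPLE" | alert_numbers)"
```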
informatica/linux/apache2/certificados.1384450707.txt.gz · Last modified: 2015/04/13 20:19 (external edit)