linux:ssl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
linux:ssl [2022/12/14 04:50] – [SSL.https test TLS/sll] adminlinux:ssl [2024/11/09 13:13] (current) – [SSl certificates] admin
Line 4: Line 4:
   * Управление сертификатами - https://github.com/cloudflare/cfssl   * Управление сертификатами - https://github.com/cloudflare/cfssl
   * книга все что нужно знать - [[https://drive.google.com/file/d/1dIeaGXgGDRMHExbeFx8xWAPx_aElpmo7/view?usp=sharing|TLS Mastery]]    * книга все что нужно знать - [[https://drive.google.com/file/d/1dIeaGXgGDRMHExbeFx8xWAPx_aElpmo7/view?usp=sharing|TLS Mastery]] 
 +  * https://medium.com/@seabro/how-to-create-selfsigned-ca-and-custom-wildcard-ssl-certificate-1112ed2080f7
  
 +===== SSl certificates =====
 +
 +<code BASH>
 +# Example get and install https://discuss.elastic.co/t/error-response-from-daemon-get-https-docker-elastic-co-v2-x509-certificate-signed-by-unknown-authority/281754
 +curl --trace - https://docker.elastic.co:443
 +cd ~
 +openssl s_client -showcerts -connect www.domain.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >domain.com.crt
 +sudo cp domain.com.crt /usr/local/share/ca-certificates
 +sudo update-ca-certificates
 +</code>
 +
 +<code BASH>
 +openssl s_client -connect bot.ip2u.ru:4443 -showcerts
 +openssl s_client -showcerts -connect www.domain.com:443
 +openssl s_client -showcerts -connect bot.ip2u.ru:4443 </dev/null 2>/dev/null|openssl x509 -outform PEM >ip2u_ru.crt
 +cat ./ip2u_ru.crt
 +sudo cp ./ip2u_ru.crt /usr/local/share/ca-certificates/ip2u.ru.crt
 +sudo update-ca-certificates
 +openssl s_client -showcerts -connect bot.ip2u.ru:4443
 +openssl s_client -CAfile ./ip2u_ru.crt -connect bot.ip2u.ru:4443
 +curl --verbose  bot.ip2u.ru:4443
 +</code>
 ===== Linux SSL key managment  ===== ===== Linux SSL key managment  =====
 +  * update ca certificate on ubuntu  https://www.dmosk.ru/miniinstruktions.php?mini=root-ca-linux
   * https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-a-certificate-authority-ca-on-centos-8-ru - centos ca   * https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-a-certificate-authority-ca-on-centos-8-ru - centos ca
   * https://jamielinux.com/docs/openssl-certificate-authority/ - manual ca   * https://jamielinux.com/docs/openssl-certificate-authority/ - manual ca
Line 11: Line 35:
   * https://github.com/smallstep/cli#installation-guide - pki script managment   * https://github.com/smallstep/cli#installation-guide - pki script managment
   * https://github.com/OpenVPN/easy-rsa asy-rsa is a CLI utility to build and manage a PKI CA   * https://github.com/OpenVPN/easy-rsa asy-rsa is a CLI utility to build and manage a PKI CA
 +
 +===== Linux MTLS =====
 +https://get.localhost.direct/ \\
 +  * https://victoronsoftware.com/posts/mtls/
 +  * https://smallstep.com/hello-mtls/doc/server/nginx - cert auth nginx
 +  * https://www.dmosk.ru/miniinstruktions.php?mini=nginx-mtls#client
 ===== OpenSSL key manipulating ===== ===== OpenSSL key manipulating =====
  
  • linux/ssl.1670993445.txt.gz
  • Last modified: 2022/12/14 04:50
  • by admin