SSL
openssl certificate + key generation
    openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/http2.pem -keyout /etc/ssl/private/http2.pem
    Country Name: PT
    Country Name (2 letter code) [XX]:PT
    State or Province Name (full name) []:State
    Locality Name (eg, city) [Default City]:City
    Organization Name (eg, company) [Default Company Ltd]:example
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:*.example.org
    Email Address []:user@example.org
Check https connection
openssl s_client -connect wiki.bitarus.allowed.org:443
Multiple SSL nginx
http://nginx.org/en/docs/http/configuring_https_servers.html
Multiple SSL Apache
https://wiki.apache.org/httpd/NameBasedSSLVHosts
As a rule, it is impossible to host more than one SSL virtual host on the same IP address and port.
It is acceptable to use a single SSL configuration for several virtual hosts. In particular, this will work if the SSL certificate applies to all the virtual hosts. For example, this will work if:
- All the VirtualHosts are within the same domain, e.g. one.example.com and two.example.com.
- You have a wildcard SSL certificate for that domain (one where the Common Name begins with an asterisk, i.e. *.example.com).
Encrypt and decrypt with openssl + rsa keypair + base64
    # generate rsa key pair
    openssl genrsa -out private.pem 2048
    # export public key
    openssl rsa -in private.pem -outform PEM -pubout -out public.pem

    # remove files from a previous run (-f: no error if they do not exist)
    rm -f test.txt test.txt.bin.enc test.txt.bin.enc.b64 decoded.enc test.txt.bin
    echo -n "test" > test.txt
    hexdump -C test.txt
    # encrypt with public key
    # (rsautl is deprecated in OpenSSL 3.0; openssl pkeyutl is its replacement)
    openssl rsautl -encrypt -inkey public.pem -pubin -in test.txt -out test.txt.bin.enc
    # encode
    base64 test.txt.bin.enc > test.txt.bin.enc.b64
    # decode
    base64 -d test.txt.bin.enc.b64 > decoded.enc
    # decrypt with private key
    openssl rsautl -decrypt -inkey private.pem -in decoded.enc -out test.txt.bin
    hexdump -C test.txt.bin
encrypt.sh
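    # one-time setup: create the SSH key pair and export the public key as PEM
    # ssh-keygen
    # openssl rsa -in id_rsa -outform PEM -pubout -out id_rsa.pub.pem
    MESSAGE=message.txt
    MESSAGE_ENC=message.txt.enc
    MESSAGE_ENC_B64=message.txt.enc.b64
    PUB_KEY=~/.ssh/id_rsa.pub.pem

    # write the first argument to a file, without a trailing newline
    printf '%s' "$1" > "$MESSAGE"
    # encrypt with the public key, then base64-encode the result
    openssl rsautl -encrypt -inkey "$PUB_KEY" -pubin -in "$MESSAGE" -out "$MESSAGE_ENC"
    base64 "$MESSAGE_ENC" > "$MESSAGE_ENC_B64"
    cat "$MESSAGE_ENC_B64"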
decrypt.sh
https://gethttpsforfree.com/
    cd ~
    openssl genrsa 4096 > httpsforfreeaccount.key
    openssl rsa -in httpsforfreeaccount.key -pubout > httpsforfreeaccount.pub
    openssl genrsa 4096 > domain.key
    openssl req -new -sha256 -key domain.key -subj "/" \
      -reqexts SAN -config <(cat /etc/ssl/openssl.cnf \
      <(printf "\n[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com"))
https://www.sslforfree.com/
Get expiration date
- echo | openssl s_client -servername www.bitarus.allowed.org -connect www.bitarus.allowed.org:443 2>/dev/null | openssl x509 -noout -enddate 
    import calendar
    import time
    # end date as printed by "openssl x509 -noout -enddate"
    t = time.strptime('Aug 23 12:35:40 2019 GMT','%b %d %H:%M:%S %Y %Z')
    # seconds until expiry; timegm() because the date is GMT (mktime() assumes local time)
    calendar.timegm(t) - time.time()
    ####
    import ssl
    import socket
    # keep the default verification: with verify_mode = ssl.CERT_NONE
    # getpeercert() returns an empty dict
    context = ssl.create_default_context()
    conn = context.wrap_socket(socket.socket(socket.AF_INET),server_hostname="www.bitarus.allowed.org")
    conn.connect(("www.bitarus.allowed.org",443))
    cert = conn.getpeercert()
    # the expiry date is in cert['notAfter']
    conn.close()
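
The expiry lookup above, turned into a small monitoring check (an added example, not part of the original page). It goes a step further than the page: besides reading notAfter in UTC, it checks which virtual host names are covered by the certificate's DNS names, as in the wildcard case under "Multiple SSL Apache". SAMPLE_CERT and all function names are constructed for illustration.

```python
import ssl
import time

# Constructed sample in the dict layout returned by SSLSocket.getpeercert()
# on a verified connection (not captured from a real server).
SAMPLE_CERT = {
    "subject": ((("commonName", "*.example.org"),),),
    "subjectAltName": (("DNS", "*.example.org"), ("DNS", "example.org")),
    "notBefore": "May 25 12:35:40 2019 GMT",
    "notAfter": "Aug 23 12:35:40 2019 GMT",
}


def seconds_left(cert, now=None):
    """Seconds until notAfter, computed in UTC (negative once expired)."""
    if not cert or "notAfter" not in cert:
        # getpeercert() returns {} when the peer certificate was not validated
        raise ValueError("no validated certificate data")
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return expires - (time.time() if now is None else now)


def name_matches(pattern, hostname):
    """Match one DNS name; '*' only stands for the whole left-most label."""
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_hosts(cert, hostnames):
    """Return the virtual host names that no DNS subjectAltName entry covers."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return [h for h in hostnames
            if not any(name_matches(p, h) for p in dns_names)]


def status(cert, hostnames, now=None, warn_days=30):
    """Summarise expiry and name coverage for a monitoring check."""
    left = seconds_left(cert, now)
    state = "expired" if left < 0 else "expiring" if left < warn_days * 86400 else "ok"
    return {"state": state, "days_left": int(left // 86400),
            "uncovered": uncovered_hosts(cert, hostnames)}
```

On a live connection, pass the dict returned by conn.getpeercert() in place of SAMPLE_CERT.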
