SSL/TLS and Certificates

Tools

OpenSSL

Used to create self-signed certificates for SSL encryption
# openssl req -newkey rsa:2048 -nodes -keyout bind_shell.key -x509 -days 362 -out certificate.crt
  • Tags
    • req - initiate a new certificate signing request
    • -newkey - generate a new private key
    • rsa:2048 - use RSA encryption with a 2,048-bit key length
    • -nodes - store the private key without passphrase protection
    • -keyout - save the key to a file
    • -x509 - output a self-signed cert instead of a certificate request
    • -days - set validity period
    • -out - save this certificate to a file
  • Generate a self-signed certificate for a CA
# cat certificate.key certificate.crt > certificate.pem
  • Create a .pem file for use with tools like socat
# openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cnf
  • You will be prompted for several pieces of information and for a password, which is used when signing certificates in the future, so do not forget it! Two files are written: ca.key, which contains the CA’s private key, and ca.crt, which contains the CA’s public key certificate.
  • Attacking Network Protocols - pg.200
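The CA workflow above carried one step further, as an added example that is not part of the original notes: a throwaway CA signs a server certificate, then the key/certificate pair and the chain are checked before the two files are concatenated into a .pem. The subject names, file names, function names and the use of -subj/-nodes to avoid prompts are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. All names below are constructed.

make_ca() {            # $1 = directory; writes ca.key and ca.crt
    # -nodes keeps the demo non-interactive; protect a real CA key with a passphrase.
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Lab CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {         # $1 = directory, $2 = common name; writes $2.key and $2.crt
    # Create a key and a signing request, then have the CA sign the request.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

key_matches_cert() {   # $1 = private key, $2 = certificate
    # Derive the public key from the private key and compare it with the
    # public key embedded in the certificate. Empty output never matches.
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$pub" ] &&
    [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

chain_ok() {           # $1 = CA certificate, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    cn=server.example.test                     # constructed host name
    make_ca "$d" && issue_cert "$d" "$cn" || return 1
    key_matches_cert "$d/$cn.key" "$d/$cn.crt" || { echo "key/cert mismatch"; return 1; }
    chain_ok "$d/ca.crt" "$d/$cn.crt"          || { echo "chain not verified"; return 1; }
    # Bundle key and certificate only after both checks pass.
    cat "$d/$cn.key" "$d/$cn.crt" > "$d/server.pem"
    echo "server.pem built from a matching, CA-signed pair"
    rm -rf "$d"
}
demo
```

A client that trusts only ca.crt accepts the signed certificate and rejects a self-signed one, which is the practical difference between the first and last commands on this page.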