Certificater og TLS

Et godt site til at test certificater på er:
http://www.digicert.com/help/index.htm?host=mailin01.jndata.dk:25

det fede ved denne cert checker, er at man kan difinere alternative porte, dvs. denne også kan bruges til at se på SSL certificater som bruges i forbindelse med SMTP TLS forbindelser.

En anden god site er Openssl commandline
http://www.madboa.com/geek/openssl/#cs-smtp

openssl s_client -connect remote.host:25 -starttls smtp
eller
openssl s_client -connect remote.host:25 -crlf -starttls smtp
alt efter MTA, Output bliver noget alla når det går godt:

openssl s_client -connect  mailin01.jndata.dk:25 -crlf -starttls smtp
CONNECTED(00000003)
depth=1 /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=DK/ST=8600 Silkeborg/L=Frichsvej 18/O=JN Data A/S/OU=JN Data A/S/CN=mailin01.jndata.dk
   i:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
 1 s:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEdzCCA+CgAwIBAgIQKQLNqZKomLm8KdgF843S6zANBgkqhkiG9w0BAQUFADCB
ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy
aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy
dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg
SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w
OTAyMTcwMDAwMDBaFw0xMTAyMTcyMzU5NTlaMIGGMQswCQYDVQQGEwJESzEXMBUG
A1UECBMOODYwMCBTaWxrZWJvcmcxFTATBgNVBAcUDEZyaWNoc3ZlaiAxODEUMBIG
A1UEChQLSk4gRGF0YSBBL1MxFDASBgNVBAsUC0pOIERhdGEgQS9TMRswGQYDVQQD
FBJtYWlsaW4wMS5qbmRhdGEuZGswgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
ALk+LtfavrxQIWMCjPWfjiHliMnxnTeMYFzMwA7A20Tney94J3xKjFBYUjh4u6zI
aD5zWi6zXznDmIya5BhFyFO4+kjDD0LhoeVHFV08H2RwYVURdSUJO9bw4LuJdp2g
lxQwl52VHxHIygphTP5RsXpGb/m6QlXjBIqF5Cyo1eAHAgMBAAGjggGuMIIBqjAy
BgNVHREEKzApghJtYWlsaW4wMS5qbmRhdGEuZGuCE21haWxvdXQxMi5qbmRhdGEu
ZGswCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0
cDovL2NybC52ZXJpc2lnbi5jb20vQ2xhc3MzSW50ZXJuYXRpb25hbFNlcnZlci5j
cmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxodHRw
czovL3d3dy52ZXJpc2lnbi5jb20vcnBhMCgGA1UdJQQhMB8GCWCGSAGG+EIEAQYI
KwYBBQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY
aHR0cDovL29jc3AudmVyaXNpZ24uY29tMG4GCCsGAQUFBwEMBGIwYKFeoFwwWjBY
MFYWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFEtruSiWBgy70FI4mymsSweLIQUY
MCYWJGh0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28xLmdpZjANBgkqhkiG
9w0BAQUFAAOBgQBQgdmcE6+4cIU8K2Oc6oleYJivNwV/ayBEHkUXkxeqampcZ0xr
yMUKqlbmGOCMvF+OqIWwLghnWENSK2x4KY4NRiARbtrV5hjShoJ6gE7zTG2hA/mK
G5mLDpkgFTdfCUzUrC3Yhne3cP9yFWUDRGLJy6HPOv1BqGVzKCSmKuyeWQ==
-----END CERTIFICATE-----
subject=/C=DK/ST=8600 Silkeborg/L=Frichsvej 18/O=JN Data A/S/OU=JN Data A/S/CN=mailin01.jndata.dk
issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
---
No client certificate CA names sent
---
SSL handshake has read 2741 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 19FE276A7B999E00B9AACE36E0764D1C3DA92BCD13E385BA94EB7A8C4E389A8A
    Session-ID-ctx:
    Master-Key: 76A2D2DF4969D0D2E998D289756B329836DD3AD39B1B1055C11E70ECAFAA7AED2BD5E563828A542136305B75AF86EE01
    Key-Arg   : None
    Start Time: 1283243766
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
250 STARTTLS

eller vil man få en sådan output.

No client certificate CA names sent
---
SSL handshake has read 3022 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 60DEF783F755C96F7F8F8B51A46FA9FEE59EC31985DF3541FD9C1A79AFB4FE60
    Session-ID-ctx:
    Master-Key: 590CE493718260A532112F3BE959B7FEE7FA95E275BD9025B4251D66ECD46E89B78BA4BBA2DDD751D5F057BF54840100
    Key-Arg   : None
    Start Time: 1283240998
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)

 

  • You are here:  
  • Home
  • Debian
  • Certificater og TLS