De Wiki inetshell
Saltar a: navegación, buscar

Create Self-signed cert[editar]

https://www.sslchecker.com/csr/self_signed

Convert DER to PEM[editar]

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert P7B to PEM[editar]

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem

Convert PFX to PEM[editar]

openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes

Probar conexiones SSL/TLS[editar]

Sin verificación de certificado:

openssl s_client -connect 192.168.1.1:443

Verificando certificado:

openssl s_client -connect 192.168.1.1:443 -CApath ./cacert.crt

AES-NI[editar]

https://www.cyberciti.biz/faq/how-to-find-out-aes-ni-advanced-encryption-enabled-on-linux-system/

https://stackoverflow.com/questions/25284119/how-can-i-check-if-openssl-is-support-use-the-intel-aes-ni

# with AES-NI
openssl speed -elapsed -evp aes-128-ecb
# without AES-NI
export OPENSSL_ia32cap="~0x200000200000000"
openssl speed -elapsed -evp aes-128-ecb