alias enc='openssl enc -e -aes128 -base64 -pass "env:PASS"'
alias dec='openssl enc -d -aes128 -base64 -pass "env:PASS"'
openssl pkcs12 -info -in client.p12
keytool -list -keystore client.jks -storepass changeit;
openssl x509 -inform PEM -in ca.pem -text -out certdata; cat certdata;
sslnode() { openssl pkcs12 -nodes -nokeys -clcerts -in $1 -out cert.pem; openssl pkcs12 -nodes -nocerts -clcerts -in $1 -out key.pem;}
openssl rand -base64 32
If you have the error: unable to write 'random state', which refers to the default seeding file, just delete it:
sudo rm ~/.rnd
uuidgen
Or for a 10 chars id in hexadecimal
openssl rand -hex 10
Alternatively for 8 chars base64 id:
openssl rand -base64 6
Or to generate a n chars id:
genid() { openssl rand -base64 40 | cut -c1-$1; }
genid 15
Reason: The website called by curl relies on a certificate authority not supported.
In practice: if you are calling a website with a custom CA certificate, you need to download this ca.pem.
Reason: The website called by curl expects you to provide a SSL client certificate.
In practice: it should be your client certificate exported from Firefox in .p12 format. Also check that ${userHome}/.curlrc contains a line starting with cert.
Reason: The password for your SSL client certificate is incorrect.
In practice: you can export your client certificate in .p12 format from Firefox. See the Advanced/Certificates/Backup in Firefox preferences.
The SSL connection is untrusted because of name difference between SSL server certificate and url called.