Skip to content

Instantly share code, notes, and snippets.

@prettydiff

prettydiff/gist:17a9fc6d1970c4fcdd5fede82dd3415a

Last active March 7, 2022 16:09
Show Gist options
  • Save prettydiff/17a9fc6d1970c4fcdd5fede82dd3415a to your computer and use it in GitHub Desktop.
Save prettydiff/17a9fc6d1970c4fcdd5fede82dd3415a to your computer and use it in GitHub Desktop.
Download ZIP
certificate - windows
Raw
gistfile1.txt
problem - Windows:
Cert does not work unless both the root and signed certs are added to the Windows trust store.
---
certificate create steps:
openssl genpkey -algorithm RSA -out share-file-ca.key
openssl req -x509 -key share-file-ca.key -days 16384 -out share-file-ca.crt -subj "/CN=share-file-ca/O=share-file"
openssl genpkey -algorithm RSA -out share-file.key
openssl req -new -key share-file.key -out share-file.csr -subj "/CN=share-file/O=share-file"
openssl x509 -req -in share-file.csr -days 16384 -out share-file.crt -CA share-file-ca.crt -CAkey share-file-ca.key -CAcreateserial -extfile "C:\\Users\\austincheney\\share-file-systems\\lib\\certificate\\ca.cnf" -extensions x509_ext
config file: https://gist.github.com/prettydiff/79787166b034f0fe587f2204e9fb7702
---
windows store commands:
Import-Certificate -FilePath .\share-file.crt -CertStoreLocation 'Cert:\CurrentUser\Root'
Import-Certificate -FilePath .\share-file-ca.crt -CertStoreLocation 'Cert:\CurrentUser\Root'
---
openSSL verification command:
openssl s_client -connect localhost:443 -servername localhost -verify_return_error -CAfile .\share-file-ca.crt
---
openSSL verification output:
CONNECTED(0000020C)
depth=1 CN = share-file-ca, O = share-file
verify return:1
depth=0 CN = share-file, O = share-file
verify return:1
---
Certificate chain
0 s:/CN=share-file/O=share-file
i:/CN=share-file-ca/O=share-file
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICOjCCAaOgAwIBAgIJAKQHIp3tMBTMMA0GCSqGSIb3DQEBCwUAMC0xFjAUBgNV
BAMMDXNoYXJlLWZpbGUtY2ExEzARBgNVBAoMCnNoYXJlLWZpbGUwIBcNMjIwMzA3
MTQyNjAyWhgPMjA2NzAxMTQxNDI2MDJaMCoxEzARBgNVBAMMCnNoYXJlLWZpbGUx
EzARBgNVBAoMCnNoYXJlLWZpbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
AM26CRwQsUdrvpSwNmJ4C+Q5l0J/TEbCnHmgsay6RySIM0WVuwgTkl0SDSINIC4S
9bOrGHejwMB15WgZN0/6b4CK14+ChPj9ZDvvpeYWzikMMlfBVGqSaGfBS6YwEpMs
l5CMHay0+vGdUsK76+qgFk4opvIRkpr9EAuuH/zT8P0jAgMBAAGjYzBhMAkGA1Ud
EwQCMAAwHQYDVR0OBBYEFNqcRvIChUre1QyaGmyXneiNwpJmMB8GA1UdIwQYMBaA
FGwOM8+PWfG0uUOT4QyPdoVNIuC7MBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkq
hkiG9w0BAQsFAAOBgQAuUmE+Q5+ukAtq18QIZBtS3d3ewvF3Il/LETgpeWIEh1UD
i59yhdhMvN0cYm9llKc6046xwGku07+rsurEC6lf6PFj4k1DOpGtyzUQvmXq6Zjt
5xLAcJcAZDSEeEpiZ4bpbNXwWLJeuDkd0ReUWG6iLXScL/RtN5ZmPSTa3k5aNw==
-----END CERTIFICATE-----
subject=/CN=share-file/O=share-file
issuer=/CN=share-file-ca/O=share-file
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1132 bytes and written 452 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 11442DC36EA787D76A812EEBE4D63A8AD7C94B3437262AA5B921CFAF16CBEF4E
Session-ID-ctx:
Master-Key: 9C92B894B73DFCEDF3BCA2CE41CE9C06A88FBF94F1FF19E3911F4663E10E34BFFDA321D4B795DD6273898AE580B94AC2
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 68 c9 95 80 b6 0a d3 e8-1a 02 66 a2 14 71 5a 66 h.........f..qZf
0010 - 8e 79 a2 6b 5b 58 41 10-2a a0 5d ea 56 3a 03 15 .y.k[XA.*.].V:..
0020 - b6 a9 50 89 97 86 ee 4b-4c 36 b2 dd 21 11 54 be ..P....KL6..!.T.
0030 - 58 28 f0 b5 8f f2 04 67-cf 08 ca 6c 4d dd 09 f3 X(.....g...lM...
0040 - 82 62 7f b3 7a 5d 03 0b-eb 0a 79 83 04 df f3 00 .b..z]....y.....
0050 - 6b ec 75 b7 75 f1 92 11-5f 54 15 93 f3 a7 2d 48 k.u.u..._T....-H
0060 - 8b be 8f f1 8a 38 dc e9-04 55 03 96 17 15 3f 29 .....8...U....?)
0070 - 28 92 e2 65 78 2a ae 27-17 05 c0 ca 2c 7c 9d 1e (..ex*.'....,|..
0080 - ac 5e b6 85 05 54 81 14-a7 52 8b 94 71 9d 8e a9 .^...T...R..q...
0090 - 7b a0 64 a6 af 8d 29 3c-8f 10 45 3d 79 e5 37 51 {.d...)<..E=y.7Q
00a0 - 91 3a 1f f2 ca f9 e6 5d-22 b0 94 b0 dc 59 52 1f .:.....]"....YR.
00b0 - 42 65 97 81 d1 ad e0 96-ab 30 20 eb 00 7f ac f5 Be.......0 .....
Start Time: 1646665487
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
HTTP/1.0 403 Forbidden
Content-Type: text/plain
Unknown ALPN Protocol, expected `h2` to be available.
If this is a HTTP request: The server was not configured with the `allowHTTP1` option or a listener for the `unknownProtocol` event.
close
---
openSSL verification command:
openssl s_client -connect localhost:443 -servername localhost -verify_return_error -CAfile .\share-file.crt
---
openSSL verification output:
CONNECTED(000001D4)
depth=0 CN = share-file, O = share-file
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
0 s:/CN=share-file/O=share-file
i:/CN=share-file-ca/O=share-file
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICOjCCAaOgAwIBAgIJALhkSCUX6tmJMA0GCSqGSIb3DQEBCwUAMC0xFjAUBgNV
BAMMDXNoYXJlLWZpbGUtY2ExEzARBgNVBAoMCnNoYXJlLWZpbGUwIBcNMjIwMzA3
MTUyMDE5WhgPMjA2NzAxMTQxNTIwMTlaMCoxEzARBgNVBAMMCnNoYXJlLWZpbGUx
EzARBgNVBAoMCnNoYXJlLWZpbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
ALr93jYVBA1MuMhMQR/Yxtk/15TL1iQ6EsRDiayAl8RTbGuNQzr20j7or8hx4bTq
WngeWgfJgeQ9O+T8tfBMuQyqtAoLvXjyfY4ZaCQ2mkBYX14PP3hGi2XxvAd7/GWJ
Wmb4zOSeBEC0uq/jhbypLWAatTf1LPoc26Ibin8R+d1jAgMBAAGjYzBhMAkGA1Ud
EwQCMAAwHQYDVR0OBBYEFFye4Gnci0Baw4M1gzf9qlvoNXqaMB8GA1UdIwQYMBaA
FOfG8bdE4VezWcRWtgEgVruwauDBMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkq
hkiG9w0BAQsFAAOBgQBLz0RRCrvFNE0aeJTqRJVFMyWfxYn099YYVxpR6kjoA1uT
otgeVURxCdUop4g5Zk1tdmPI82nBsdb55PUp+Df8ukLF3NPRxww6xT4mWRqJhtfS
refYj0slKO1NE/DnTYozqsz2dw/rCANZQ+I+NmyMVI/ZcO6nmFcP1gqGB3c88g==
-----END CERTIFICATE-----
subject=/CN=share-file/O=share-file
issuer=/CN=share-file-ca/O=share-file
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1132 bytes and written 452 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 6999703201EDCAA336BB5A7E2E3887C315D06C7893C9EA747D350C76E03C3752
Session-ID-ctx:
Master-Key: A19A269537755B4B81D361F9AFAAC1882B7B89B067DC1CC534AE36FCFBBC6771005A352F820187ADB77FBB5FAE8AE47C
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 78 b9 07 c1 d0 de ff ae-49 c2 22 a8 83 a1 fb d7 x.......I.".....
0010 - 67 21 e4 75 46 33 35 92-ba 17 cc c0 54 15 35 aa g!.uF35.....T.5.
0020 - 08 7c 27 13 33 84 23 f5-99 e6 a1 7d 59 af 77 df .|'.3.#....}Y.w.
0030 - db f6 7e 03 a1 71 fa 67-17 9d 96 13 bb 57 7f 19 ..~..q.g.....W..
0040 - 42 b0 73 d5 f4 91 42 b1-d2 59 a9 53 f2 ef cf 23 B.s...B..Y.S...#
0050 - 50 e9 f4 39 c3 76 1e 57-14 59 a5 c2 ae 2f 3b 74 P..9.v.W.Y.../;t
0060 - a7 ab 87 a5 86 bb 83 79-8e f4 22 bf 56 79 38 7a .......y..".Vy8z
0070 - c8 d9 fd 08 d9 f8 d8 de-3b 2f 9a 53 e7 1a ac dd ........;/.S....
0080 - 1e 2d 34 44 5f 96 11 a7-c5 63 ea 1e 3a cf b1 f9 .-4D_....c..:...
0090 - 3b 08 f1 9f c1 75 64 5c-51 3f 2b a0 b0 f3 7a b3 ;....ud\Q?+...z.
00a0 - d8 09 2d 29 f8 1f 6f e1-1c e2 78 cf a4 ef f6 5a ..-)..o...x....Z
00b0 - 67 81 2c ee 5d 6b 01 95-42 92 12 4b 9f d2 89 0d g.,.]k..B..K....
Start Time: 1646669221
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
HTTP/1.0 403 Forbidden
Content-Type: text/plain
Unknown ALPN Protocol, expected `h2` to be available.
If this is a HTTP request: The server was not configured with the `allowHTTP1` option or a listener for the `unknownProtocol` event.
closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment