# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048
# Key considerations for algorithm "ECDSA" ≥ secp384r1
# List ECDSA the supported curves (openssl ecparam -list_curves)
openssl ecparam -genkey -name secp384r1 -out server.key
vanbroup
/ ca-hierarchy-ocsp-test.go
Last active
January 20, 2024 10:54
Script to create a CA hierarchy with delegated OCSP responder certificates to test the effects on different combinations of OCSP Signing EKU settings
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // certutil -urlcache * delete | |
| // certutil -verify -user -urlfetch "Server Certificate.cer" | |
| package main | |
| import ( | |
| "crypto" | |
| "crypto/rand" | |
| "crypto/rsa" | |
| "crypto/tls" | |
| "crypto/x509" |
vanbroup
/ ocsp-request-get-to-post.sh
Created
April 6, 2018 08:48
Create a POST OCSP request from an OCSP GET request URL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo MFIwUKADAgEAMEkwRzBFMAkGBSsOAwIaBQAEFNHxtXb57sDBD3r8fDEkqcNiXXxhBBTqTnzUgC3lFYGGJoyCbcCYpM+XDwIMPVGgldv/1vnVuWtZ | base64 --decode > ocsp.req | |
| # Print OCSP request | |
| openssl ocsp -text -reqin ocsp.req | |
| # Make OCSP request | |
| curl -v -o ocsp.resp --data-binary @ocsp.req -H "Content-Type: application/ocsp-request" --url http://ocsp.example.com/ca1 --header "Host: ocsp.example.com" | |
| # Print OCSP response | |
| openssl ocsp -noverify -text -respin ocsp.resp |
vanbroup
/ ocsp-request-serial.sh
Last active
March 15, 2021 13:30
Making an OCSP request with OpenSSL using the issuer certificate and serial number and replay it with CURL for debugging
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Make an OCSP request with CURL using the issuer certificate and serial number | |
| openssl ocsp -noverify -no_nonce -respout ocsp.resp -reqout ocsp.req -issuer issuer.pem -serial "0x11219f92c6b10baba606ac6c7eb0474898f6" -text -url http://ocsp.example.com -header 'Host=ocsp.example.com' | |
| # Replay the OCSP request via CURL showing request and response headers for debugggin | |
| curl -v -o curl.resp --data-binary @ocsp.req -H "Content-Type: application/ocsp-request" --url http://ocsp.example.com/ca1 --header "Host=ocsp.example.com" |
vanbroup
/ ocsp-request-script.sh
Created
March 19, 2018 12:43
Make an OCSP request with bash via OpenSSL and and obtain the certificate (chain) from the TLS handshake, replay the request with CURL.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ "$#" -ne 1 ]; then | |
| echo | |
| echo "No hostname given to obtain certificate status" | |
| echo "\tuse: $0 www.example.com" | |
| echo | |
| exit 1 | |
| fi |
mkauf
/ WebSocket support for curl.odp
Last active
December 3, 2022 11:10
WebSocket support for curl
6174
/ golang-tls.md
Created
December 12, 2016 06:33
— forked from denji/golang-tls.md
Simple Golang HTTPS/TLS Examples
vanbroup
/ create-cache-config-crl.sh
Last active
March 15, 2021 13:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # make sure that this script runs with the time zone GMT | |
| export TZ=GMT | |
| config="crl-cache-headers.conf" | |
| # swap the root directy every reload to make sure that | |
| # the config alines with the files actually served | |
| curdir=`cat lastroot.txt` | |
| newdir=`expr $curdir + 1` | |
| olddir=`expr $curdir - 1` |
vanbroup
/ OrderByDNS.php
Created
June 27, 2013 13:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| * Just a quick and dirty API example for DNS verification | |
| */ | |
| error_reporting(E_ALL); | |
| /* | |
| * Create a Private key | |
| */ | |
| $dn = array( |
econchick
/ gist:4666413
Last active
December 22, 2023 13:32
Python implementation of Dijkstra's Algorithm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Graph: | |
| def __init__(self): | |
| self.nodes = set() | |
| self.edges = defaultdict(list) | |
| self.distances = {} | |
| def add_node(self, value): | |
| self.nodes.add(value) | |
| def add_edge(self, from_node, to_node, distance): |
NewerOlder