• openssl: How to check that a certificate matches a private key

    2 min read

    If we try to install a certificate on a service but we install an incorrect private key, the service will fail, most likely with some cryptic message. But how do we make sure that a certificate has been generated using the correct private key? Checking the modulus of each one can help verify this.

    13/07/2021

  • Test SSL protocols availability using openssl s_client

    3 min read

    To make sure we don't publish an SSL service with vulnerable protocols enabled, we can check which protocols the server has enabled using openssl s_client.

    Depending on the OpenSSL version we have, different protocols will be available. For example, if we are using OpenSSL 1.0.2j we will have the following options for s_client:

     -ssl2         - just use SSLv2
     -ssl3         - just use SSLv3
     -tls1_2       - just use TLSv1.2
     -tls1_1       - just use TLSv1.1
     -tls1         - just use TLSv1
     -dtls1        - just use DTLSv1
    

    On the other hand, if we are using OpenSSL 1.1.1f we will only have:

     -tls1                      Just use TLSv1
     -tls1_1                    Just use TLSv1.1
     -tls1_2                    Just use TLSv1.2
     -tls1_3                    Just use TLSv1.3
    

    06/07/2021

  • How to generate a self-signed certificate using OpenSSL

    2 min read

    Using openssl we can create a self-signed certificate using a non-interactive command suitable for automation if we give all the information at once, such as the CN and the days to expire.

    21/05/2021
