• openssl: How to check that a certificate matches a private key

    2 min read

    If we install a certificate on a service together with the wrong private key, the service will most likely fail with a cryptic message. So how do we make sure that a certificate was generated using the correct private key? Comparing the modulus of each one can help verify this.


  • Test SSL protocols availability using openssl s_client

    3 min read

    To make sure we don't publish an SSL service with vulnerable protocols enabled, we can check which protocols the server has enabled using openssl s_client.

    Depending on the OpenSSL version we have, different protocols will be available. For example, if we are using OpenSSL 1.0.2j we will have the following options for s_client:

     -ssl2         - just use SSLv2
     -ssl3         - just use SSLv3
     -tls1_2       - just use TLSv1.2
     -tls1_1       - just use TLSv1.1
     -tls1         - just use TLSv1
     -dtls1        - just use DTLSv1

    On the other hand, if we are using OpenSSL 1.1.1f we will only have:

     -tls1                      Just use TLSv1
     -tls1_1                    Just use TLSv1.1
     -tls1_2                    Just use TLSv1.2
     -tls1_3                    Just use TLSv1.3


  • How to generate a self-signed certificate using OpenSSL

    2 min read

    Using openssl we can create a self-signed certificate with a non-interactive command suitable for automation if we give all the information at once, such as the CN and the number of days until it expires.


