how to verify SSL(Secure Socket Layer) configuration files

  • Document ID:KM01726790
  • Creation Date:06-Jul-2015
  • Modified Date:19-Oct-2015
    • Micro Focus Products:
      service manager

Summary

we can verify SSL configuration files by simple command such as openssl, cat(Linux) and type(Windows)

Question

There are many files about configuring SSL(Secure Socket Layer). this document shows how to verify each SSL configuration files.

Answer

1. Certification file
 windows command prompt> type CA.crt
 [root@linux]# cat CA.crt
-----BEGIN CERTIFICATE-----
MIIDDzCCAfegAwIBAgIJALVdTLAmz8CQMA0GCSqGSIb3DQEBBQUAMB4xHDAaBgNV
BAMME0dlbmVyYXRlZCBQcm9wZWwgQ0EwHhcNMTUwNjE3MDQyODA2WhcNMTYwNjE2
MDQyODA2WjAeMRwwGgYDVQQDDBNHZW5lcmF0ZWQgUHJvcGVsIENBMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqh75OIUcFIyh4U4X0HuC6OJTZhpJ45U8
lVz/fK0G4RobA6ykJCj0HeLKHXKtCBAmf9SyP5bpOOqISq9GeLaS+CpBYnKN33gc
yX0mHI8K5jF6VeY92TtNaLknZ7lvZiQmRSg9XHT6xDXMU1tHRC0SVvQzNpmPeiM0
YBcECBtTImm3JdsK/1RZWUflFpK+St647Vk9NajUzkmgbbQ5q11Vf9cEtPoPW/0b
6+Nde+7VnfIa+kFSmThrmgup7Hebi5rXyp9XJ3Di3xy6PK590e4ihG+kIx2P/5AS
+vy2Lhxn2c5RWst5DZUnau4MLZsO/n3lkkh3RHRdo1JK0LbS9JofZQIDAQABo1Aw
TjAdBgNVHQ4EFgQU622FUsTAiN6suTA/K3Qf8y7imCEwHwYDVR0jBBgwFoAU622F
UsTAiN6suTA/K3Qf8y7imCEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC
AQEAmTeG/KMXmwVdiMJI86REJYaR4jva6VKPmXN2H0fkuqjpVS+oSvnw7EOWsNMl
+9G2w5HSMMgrNC3H2PM/gpEur4KNjXDjbVW1E0xCvFtH9KYamK5hlJ0XqdiPLly8
tVvGk7spfUmgGFTdvZlc9mUEZnscROYoCNnY9NWv5+9ZD3DZI6Gb4oicLaiRXlCX
zWdWj7eNjrC2DCFYm4znFATaYJMn6bxtVa3R7A1yupCDVLjzQM32dfRFu8qo3J18
HfCNvvLNdgX4nYR8uQnxEsSs6aGktfGuepKoZZDkEfD2NEIAhuq13E9v9kwq6XGz
lFzI9G1V0CqWKN2Y+DXQ4NJZhw==
-----END CERTIFICATE-----

windows command prompt> type propel_host.crt
[root@linux]# cat propel_host.crt
-----BEGIN CERTIFICATE-----
MIICuzCCAaMCCQDaoo/nV77irjANBgkqhkiG9w0BAQUFADAeMRwwGgYDVQQDDBNH
ZW5lcmF0ZWQgUHJvcGVsIENBMB4XDTE1MDYxNzA0MjgwNloXDTE2MDYxNjA0Mjgw
NlowITEfMB0GA1UEAwwWcHJvcGVsMTExLmVyaWMxMzBkLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAOhH/FymP66X05fw6R5kb0KJQQ435rcmgwqH
z1N1glWoKN2Jk9cTny3GDwJ8J6AZy8SCAz5wKDFccCQ/f6B0OwCXtjje74nWJYvV
cAU36v0wZLCtBergT4X24LwEp7diWX3QDyVXq5yn5aM21jnbxNxYFPWOQEjUZ51g
jdpxPMSt+8k1WOrE0tAK7rWHuFkV8OcvGpuKJIvU0jKb3GRz/+csaW9+JxzKRSiD
8EaeSk43Beq4f8peX8ir1EKOeuwQDTxQshDzzJT2/jvdbKhvzzOnCtRD1GKsYdjO
G7RJ8apFjGQ1deepqyzd4iTM1SY4IXkg1oG5vVXZDiClcixZ4wECAwEAATANBgkq
hkiG9w0BAQUFAAOCAQEAbZ6OxRTnwcI5mYFMD56guG8ttMVK+VixcM+cM6PtbzKx
TirtS/CLk8la0ryrffydcaYyVkrOZRkKn/8pfyYdZq2GBEQVrtGw6Ya3jC+g961f
tLsuSmSPrzqnR0pNnC2LOFaWcleWSSP5zIB25ugEVOLHxBF1KlpjIszx8hJmhwUO
AzC6jjoPjzQeX7/pgE33GUOU8qvZ0WmKfVSQcj/ncrg830PPXznlVuEE4WH/AlCg
FfnlfBLlgtZsu/HewR465x/o68OKr83P7lktxM7kxXVxPp8cUGaJ42Ji5/Mb+CpG
tWd2DMQTvz7cGcsGtpL/seW9ZmK7hPj1yUg/C7JCog==
-----END CERTIFICATE-----

 


2. java keystore file 

## when having private key entry
 windows command prompt> set JAVA_HOME="C:\Program Files\Java\jdk1.7.0_40\jre"
 windows command prompt> set KEYTOOL=%JAVA_HOME%\bin\keytool
 windows command prompt> %keytool% -list -storepass propel2014 -keystore .keystore
 [root@linux]# keytool -list -storepass propel2014 -keystore .keystore

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

propeljboss_propel111.eric130d.com, Jun 17, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 53:37:4A:B3:3D:C2:35:A9:55:17:CC:44:16:79:8D:5F:D9:1D:88:9A

## when having publikc key entries
 windows command prompt> set JAVA_HOME="C:\Program Files\Java\jdk1.7.0_40\jre"
 windows command prompt> set KEYTOOL=%JAVA_HOME%\bin\keytool
 windows command prompt> %keytool% -list -storepass propel2014 -keystore .keystore
 [root@linux]# keytool -list -storepass propel2014 -keystore propel.truststore

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

ca, Jun 17, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): 66:0E:3D:08:73:7A:92:78:1C:AB:EC:51:CB:EC:EC:59:0B:4C:79:42
propel111.eric130d.com, Jun 17, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): 53:37:4A:B3:3D:C2:35:A9:55:17:CC:44:16:79:8D:5F:D9:1D:88:9A


3. private key
windows command prompt> type propel_host.key.rsa
 [root@linux]# cat propel_host.key.rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA6Ef8XKY/rpfTl/DpHmRvQolBDjfmtyaDCofPU3WCVago3YmT
1xOfLcYPAnwnoBnLxIIDPnAoMVxwJD9/oHQ7AJe2ON7vidYli9VwBTfq/TBksK0F
6uBPhfbgvASnt2JZfdAPJVernKflozbWOdvE3FgU9Y5ASNRnnWCN2nE8xK37yTVY
6sTS0ArutYe4WRXw5y8am4oki9TSMpvcZHP/5yxpb34nHMpFKIPwRp5KTjcF6rh/
yl5fyKvUQo567BANPFCyEPPMlPb+O91sqG/PM6cK1EPUYqxh2M4btEnxqkWMZDV1
56mrLN3iJMzVJjgheSDWgbm9VdkOIKVyLFnjAQIDAQABAoIBAHL5BrH5XDYYUpS3
mzv+7I9bjsbx5pIrTtuMg5PE62FonemiKnpf7P9kNJO/ToHRoum+jMqAC3T7U0qt
34dVYMsXTQvzVU+9ntILMKp0li0CoiRNUEuFAffGTlDiYP3FgZRjwstyDLC67lCO
WRVEcbm7I4yz/5/M+wiL/Urtl+2lWxOEB5im/fXzw5HAvIzthHfgElOHuJlKFyAP
Pk+QKbi057Wrwjp1NdxDrArsRBOdWTFw0I2eAfqNU3D54O8ZcB8XxNVkKxw0FbVk
3EqbleByAvaTSWVonBH6Hf/nIFertsYgDmcUl+mnjnt710WLmN5/7SfZc09FMK/i
c9DQ1o0CgYEA/TLPTH8CPRP2phMN3JcxJU+sqcI30/0e+1WBBgxn9ilpJa+7+nl0
1jgDJJyheEfC0TRXu5CtjdPTEa8eU7LCF7ekTBrtxohWguqgO1gtkr+cq/yskG1b
nXREPMclsAgLlO3SCFt4qdePoVeDzQWNd4/CuB+jH/jewbvFmP4fg1sCgYEA6tnt
aBwQkPHhHhQPMPufCX/Yib4aQjfVKIi5Nq4MI24NIMSx7ROG7YTnKiu1oQrKgOil
9hb+hHiQtWT0CGAO0sxe5usqG8vHaY6h2qyh6WaBzwS+07NjTRKtFXtTdnp1o/QQ
zBr1+Z78suh+UZSxJb9418MEipdJKzNobNMvDdMCgYEAiqa4PfuPDkNQXcExZgql
LvliY9OnHr8NqDQ6Y0WH6JTkr258Ub0Q7f3eOr5K7cLePBGduWiQoYnNm3F5+ft5
reMyZTqZ2o3uUeKJu/Wdfy7ObKABH1XDRYXVmDK1wJ+nN/bDfTAZ82fHj2KNGkhg
H4jp6Enq2ic+VHiuzAjc2OECgYEAh70z2aO283/KJK9lZGNatYveJSbqWHGa01XK
707Dl0rJbbIiQKuzpd7WGWqwDQeGqeFN4yHBM+HXifByl9ClYLNc+szbRruOY3Vc
GV8EKjnkNzo/7W5Wq7pqrerc/7KiAgRUHRRMLV32IpX8RLzTcsTrXJHMMypj0QNi
jNu2658CgYAggAjdo1HBw5DVjNs5qkHEDBO31pz7REuUAERvMEqchtXe7MS5nIMj
5CRmfFm+ZvDmQkRUZkuIq7FGfx3J210gNKJnw5DccUFNTr/p71wlzn3c8akyH0R1
ngQWUEUJLEV6vC/O2A9NBUlccsty+xEDBukypjjF7iBuvVrvnEWJUg==
-----END RSA PRIVATE KEY-----

 


4. pkcs12 file

 windows command prompt> set OPENSSL=openssl
 windows command prompt> set JAVA_HOME="C:\Program Files\Java\jdk1.7.0_40\jre"
 windows command prompt> %openssl% pkcs12 -info -in propel_host.pfx -passin pass:propel2014 -passout pass:propel2014
 [root@linux]# openssl pkcs12 -info -in propel_host.pfx -passin pass:propel2014 -passout pass:propel2014

MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
    localKeyID: 19 32 93 24 D4 3F 17 99 EB C8 CA E7 B1 33 4D C1 DE C1 35 55
    friendlyName: propeljboss_propel111.eric130d.com
subject=/C=US/ST=California/L=San Francisco/O=StartUpCompany/OU=Software/CN=propel111.eric130d.com
issuer=/CN=eric130.eric130d.com
-----BEGIN CERTIFICATE-----
MIIDIzCCAgsCCQDzJhGNuAyllTANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDExRl
cmljMTMwLmVyaWMxMzBkLmNvbTAeFw0xNTA3MDIwODM4NDFaFw0xODA3MDEwODM4
NDFaMIGHMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE
BwwNU2FuIEZyYW5jaXNjbzEXMBUGA1UECgwOU3RhcnRVcENvbXBhbnkxETAPBgNV
BAsMCFNvZnR3YXJlMR8wHQYDVQQDDBZwcm9wZWwxMTEuZXJpYzEzMGQuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9scQGO6IhGmwDIpD0rDRLxdP
zWEcJdei1004XeY0nFH21yVMvf/Q1SfSUJhJ4XNFVEgRp+meVtirdO48NzMki4Jx
n7CDlwG+toZ/i9HKQPh3wYX2VbpJ7Cc8VefmRG/UfBz0B/6CM2B8fuCQOaMC1ZUg
rcu94gBY5lD3U3HxX3S9FTfTM6xfeBNbIoC4lyTNnAtSuG9c3gojjU8QSFU+mQeP
mfcqEgPb2yCR8zpyXN+T7B+gl/vsQhvrptES3XJj/B39uu+eIFD2iJ0Fnv7Jh1yF
uZZr6F1tPhJClKGSsibPkHr9qRi1Ap05eZEwPCktfn7HF22f2caXXPC6CB/s+QID
AQABMA0GCSqGSIb3DQEBBQUAA4IBAQB6mun8X5vdBBw1XbL5w34ZgapBelbz9mrk
LPofI9c0EEBwgO12M6ywzSyowIDlqgqzb2bDPZaNQwYMXNU8R5JLx2lzMTzdNshc
rC4sYHO+6ox2YHsW7P1k2AAq8LnoL7Qv8LjcHobSE89gQZF2gEnDQ7oUsIjGT5Ve
gIDRUnbAt7qxNFdCE6xP5JngFBMknXQ3Ttn6EJ3OFJw0QUbWc0OjWmrY7BQ7waKq
hJIBntibLsD+BVkARsqqxWgV/mX0XY1n6GZHgnZ83/JMBNOYY8oTUgzcoIidS/PY
opgTpu+4QcU5Edov5Sl82ydsuVUXLp7Gd81t7e+E7rGhn7wmQGVX
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Bag Attributes
    localKeyID: 19 32 93 24 D4 3F 17 99 EB C8 CA E7 B1 33 4D C1 DE C1 35 55
    friendlyName: propeljboss_propel111.eric130d.com
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI8axbVLgVtIwCAggA
MBQGCCqGSIb3DQMHBAiszrqqisGRtwSCBMh15AfFzRdl6I+h5Uasv+LRD5NhnYgk
YeS04ouv6X0ZpjWhmhywZPJ5BIE+DjozBnqVTXgU4DB+Zwir819wWMeNNDzOKUYZ
R+np+Ca5zjdIm6m00ycW0rCnqpWwsO0wgoZRmydLzi2T9F4Pd+fEMRdlSdqFj583
04Mpz2hBMkxanI+7AxRZI2TRSuWKk825qzYs5LfhhNxSbi8y60dvKgOzFN9jSddd
VKDTNetGSoePnAYRhGFHxW39Behrh06y3AhesVlIqJjSVHU6he8EU+Y378Ay21eB
skAVvqy1tP/ZHHk7RHcUopi4zwwNwKJoFXyzeQe7fHnQHUmzY5a3bZGhdGyzU25D
xXYKGb/ytIv11vzbv/Wk9qg7riSV7lZ6U5cmiEUD11hiuka5b35ooA3EQr5YOi/f
IReIPBKoHd7BKMeMKzBvhXVWbC+Na6UdzCcd6Y4ZUUXZmIlnrcl6+WVv2f5Dc2fb
Yglp68sJnXL3jXanOdf6u9juGF0V8WCxVxItFkSxy6rkhxh4Cyah/Ayi2tSnLuvw
u6xuzsol/SmjySKRkSJaDhzE/kFOld4FDclMBu3Uxci4oZRb4a5fwwxRi/ckgFN3
gTsYjiT8Qm3CWFcxUIfPuvI+yXD/CCUS2LtyHgCBoZwcMgyCRbeDnh3HQ3FHRDIa
oJsvkvT/Z7nRn4034JCDURmeLoB7cR3XdyrJnkNEogqN8O0mQIMyNBEdii/RQ7bW
JsrbRMancXhip3pHk9d4/n5UgAGC3m1HKzIhuMK1MfpXw+fT8Yj77Pnugyj4gl06
7Lvay5DULZLNoSlom79P3rpDPJrUOjoU+sVrzaXiDkHhd+wWC98OJsZrSrk6lmfp
/mWrO1jSw5TNtU26l6m8bDNgCbZQf2BXvwpUmcZfpeRMTqCkACvACRQDx2NYuRVK
Tm1Y030BnAd8PaPSFgQUKn3lbkb+Ceq28uBVYfnQLQB0EthPHqLe/q++/YNJJv3u
V/rnMKnFkXqxECt0X1d+PI4T3PrZR5jd67C3ZpEZT65wMrt+ZWiPiPpDF0fkP3KT
PJ6jnb7g25UjcwE5dmEcnWxO8NrZwC/DWK6FUzgthzL5D+LVfAWjQOE2kjzwC4AP
+85693Cou/QFQQi1KxSL8X1gAkLB0geXm2/IwQ69+sbTc8ydgrmB3x4heVyPy+XD
yeFdj3UkodgV0IZhuYdpnVhK5NjfkiBtjr/XpnruxewtZpcI+OT4AhU24u3atOzT
UTGQrvvE+vJu9p1bMDfFQvG9JiRVGfj24XOc4K4cA1ZMgiVvpmVX1+UTauI8Mf2o
YrMNxKemFDJrn7Wb13BxdyaF2cvW60mV7zQ+GZUmHOxA5ie2FFoqTtXwIVozIp71
A7Aq/R2szdZ38kXWuSpgBoz63I1T7ieSdDYyCN1RjzwoYU1Q38rvwazP8++hXaub
fgX8keT7sREjROL0OkCBbOhrm8GtZcHsFxnLHvLRRywsVkLpoiXlF0+89QYSqFOo
eMsyIO2+0niaZ5sWj7saQilTLPZU6tn8iQmSGdPQxw4ywEAbT+1WanWzGBIXyE5Z
7gS+qQyIrCMhnVUlxVas49ou9xZaNdqj49pnIxIOVislbUInpYWow8hWz/fXJ8q3
9rk=
-----END ENCRYPTED PRIVATE KEY-----

'cat' command under Linux/Unix
'type' command under Windows