ssltester's Introduction

SSLTester

A set of SSL client and server testing tools

Debugging the SSL Connection

Usually you will want to use the ssl switch in order to watch the client and server interactions, e.g.

-Djavax.net.debug=ssl

It is useful to watch the handshake, e.g.

-Djavax.net.debug.ssl:handshake

Note: A value of "help" will show all options.

Set up self-signed CA

OpenSSL Self-Signed Certificate

Password: test

Prerequisites

Locate and edit openssl.cnf
- Set default country name
Set environment variable OPENSSL_CONF
- On Windows: set OPENSSL_CONF=C:\GnuWin\share\openssl.cnf
Set environment variable HOME

   
   # openssl genrsa -des3 -out server.key 1024
   # openssl req -new -key server.key -out server.csr
   # cp server.key server.key.org
   # openssl rsa -in server.key.org -out server.key
   # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

http://www.akadia.com/services/ssh_test_certificate.html

   # openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name server

Import using Portecle [1]

In the following article, we are only left with a certificate request. An additional step is required to actually create a certificate. The openssl x509 tool will probably do the job -- I'll have to experiment later.

https://blogs.oracle.com/blogbypuneeth/entry/steps_to_create_a_self1 https://blogs.oracle.com/blogbypuneeth/entry/steps_to_create_a_self

[1] Portecle 1.7 - See http://portecle.sourceforge.net/

SSL Server

   # openssl s_server -accept 4443 -www -cert server.crt -key server.key

https://www.openssl.org/docs/manmaster/apps/s_server.html

ssltester's People

Contributors

Stargazers

Watchers

ssltester's Issues

Client will not connect to server using self-signed certificate

If the target server uses a self-signed certificate, the client will simply fail to connect. The desired behavior is the client should warn the operator but continue to make the connection.