The SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols provide secure communications over a computer network, typically between a server and a client (e.g. website and browser, mail server and mail client).
These protocols are built around X.509 certificates and use asymmetric cryptography (RSA) to authenticate the counterparty and to negotiate a symmetric key, which is then used to encrypt the actual communications.
As a consequence of choosing X.509 certificates, certificate authorities and a public key infrastructure are necessary to verify the relation between a certificate and its owner, as well as to generate, sign, and administer the validity of certificates. While this can be more beneficial than verifying the identities via a web of trust, the 2013 mass surveillance disclosures made it more widely known that certificate authorities are a weak point from a security standpoint, allowing man-in-the-middle attacks (MITM).
The PCI Security Standards Council also recently released an official statement that all SSL versions and TLS up to v1.2 (exclusive) are now considered to be insecure protocols for payments cryptography. This means that implementations not meeting this requirement will also need to provide a migration plan to the safer versions to become compliant with a PCI DSS audit, and any such deployment won’t be able to pass an audit after June 2016.
In the Internet Protocol Suite, TLS and SSL encrypt the data of network connections in the application layer. In OSI model equivalences, TLS/SSL is initialized at layer 5 (session layer) and works at layer 6 (presentation layer). The session layer has a handshake using an asymmetric cipher in order to establish cipher settings and a shared key for that session; then the presentation layer encrypts the rest of the communication using a symmetric cipher and that session key. In both models, TLS and SSL work on behalf of the underlying transport layer, whose segments carry encrypted data.
Communication between a Server and a Client starts with an initial configuration exchange, followed by the sharing of their certificates. Each party provides its own certificates, usually signed by a shared certificate authority. Nothing sensitive has been exchanged up to this point, so it is carried in plain text (green lines in the picture below).
After the certificate validation, both sides compute their pre-master secrets from random numbers provided by the other side. The Client’s pre-master secret is then encrypted with the Server’s public key (received in the Server certificate) and returned, encrypted, to the Server. This message is followed by a signature over the previous message. At this stage both sides can calculate their Master Secret, which then serves as a key for data exchange.
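The master-secret step described above, as an added example that is not part of the original article: it follows the TLS 1.2 PRF (HMAC-SHA256) from RFC 5246 for the RSA key exchange, in which the client chooses the pre-master secret and both sides mix in the two hello randoms. The function names are this example's own, the random values are generated locally, and the RSA encryption of the pre-master secret is left out.

```python
import hashlib
import hmac
import os

def p_sha256(secret, seed, length):
    """P_SHA256 data expansion from RFC 5246, section 5."""
    out, a = b"", seed                                    # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(pre_master, client_random, server_random):
    """PRF(pre_master, "master secret", client_random + server_random), 48 bytes."""
    if len(pre_master) != 48 or len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("expected a 48-byte pre-master secret and 32-byte randoms")
    return p_sha256(pre_master, b"master secret" + client_random + server_random, 48)

def key_block(master, client_random, server_random, length):
    """Key material for the record layer; the seed order is server random first."""
    return p_sha256(master, b"key expansion" + server_random + client_random, length)

def simulate_handshake():
    """Constructed run of both sides; returns (client view, server view) of the secret."""
    client_random, server_random = os.urandom(32), os.urandom(32)  # sent in the clear
    # The client picks the pre-master secret: version 3.3 (TLS 1.2) plus 46 random bytes.
    pre_master = b"\x03\x03" + os.urandom(46)
    # On the wire it is RSA-encrypted under the public key from the server certificate;
    # that step is omitted here and the server is simply handed the decrypted value.
    server_pre_master = pre_master
    client = master_secret(pre_master, client_random, server_random)
    server = master_secret(server_pre_master, client_random, server_random)
    return client, server

if __name__ == "__main__":
    client, server = simulate_handshake()
    print("master secrets match:", hmac.compare_digest(client, server))
```

Only the pre-master secret is confidential here; anyone who later obtains the server's RSA private key can decrypt it from a recorded handshake and repeat the same derivation.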
The PCI Security Standards Council claims that 1024-bit keys became likely to be crackable some time between 2006 and 2010. 2048-bit keys are considered safe until 2030. An RSA key length of 3072 bits should be used if security is required beyond 2030.
For example, the industry standards set by the Certification Authority/Browser (CA/B) Forum require that certificates issued after January 1, 2014 MUST have a key length of at least 2048 bits.
The following table summarizes the above:
Key length    Validity
1024-bits     2006-2010
2048-bits     until 2030
3072-bits     over 2030
EFTlab’s Cryptographic Calculator (BP-CCalc) now comes with an initial draft of functionality to support work with SSL (and other) certificates. The Generate Keys screen generates an RSA key pair (private and public keys) with an appropriate length and an optional passphrase.
Private Key generated
****************************************
Key length: 2048
Public Exponent: 65537
The CSRs tab generates a Certificate Signing Request, which is needed to get the key signed by a certificate authority (CA), which can then distribute client keys.
Certificate Signing request generated
****************************************
Country Name: AU
State (Province): Queensland
Locality Name: Brisbane
Organization: EFTlab PTY
Unit: DEV team
Common Name: eftlab.com.au
Email address: [email protected]
Have you ever wondered what is in your CSR, and whether all values were taken correctly? Or where that CSR, all encoded in PEM format, came from? The Read CSR screen parses the CSR PEM data and presents it in human-readable form.
Certificate Signing Request Read
****************************************
Certificate Signing Request:
Certificate Request:
Data:
Version: 1 (0x1)
Subject: C=AU, ST=Queensland, L=Brisbane, O=EFTlab PTY, OU=DEV team, CN=eftlab.com.au/emailAddress=[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha1WithRSAEncryption
If there is no certificate authority around to sign your certificates, there is always the option to sign them yourself.
Certificate generated
****************************************
Serial Number: 42
Country Name: AU
State (Province): Queensland
Locality Name: Brisbane
Organization: EFTlab PTY
Unit: DEV team
Common Name: eftlab.com.au
Email address: [email protected]
OpenSSL offers many options for generating various certificates, however none of them is as easy as Reading Certificate on the last screen. This screen takes a certificate in PEM format and translates its content into human-readable form.
Certificate Read
****************************************
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 42 (0x2a)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=AU, ST=Queensland, L=Brisbane, O=EFTlab PTY, OU=DEV team, CN=eftlab.com.au/emailAddress=[email protected]
Validity
Not Before: May 11 09:13:45 2015 GMT
Not After : May 10 09:13:45 2016 GMT
Subject: C=AU, ST=Queensland, L=Brisbane, O=EFTlab PTY, OU=DEV team, CN=eftlab.com/emailAddress=[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:eftlab.co.uk
Netscape SSL Server Name:
www.eftlab.co.uk
Signature Algorithm: sha1WithRSAEncryption
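What the Read CSR and Read Certificate screens do underneath, as an added example (not EFTlab's or OpenSSL's code): PEM is base64 over DER, and walking the DER yields the RSA key size and the signature algorithm, which are then checked against the 2048-bit minimum quoted earlier and for SHA-1 signatures such as the sha1WithRSAEncryption shown in the read-outs on this page. The helper names and the constructed sample request are assumptions of this example; the same walk should also apply to a certificate, which shares the three-part outer layout, but it is exercised here only on the constructed request.

```python
import base64

RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")    # OID 1.2.840.113549.1.1.1
SIG_ALGS = {bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
            bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption"}

def children(buf):  # split the content of a constructed DER element into (tag, value) pairs
    pos, out = 0, []
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                   # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def inspect_pem(pem):
    """Key size, signature algorithm and weak-parameter findings for a CSR or certificate."""
    der = base64.b64decode("".join(line for line in pem.splitlines() if "-----" not in line))
    body, sig_alg, _signature = children(children(der)[0][1])
    bits = None
    for tag, val in children(body[1]):      # look for SubjectPublicKeyInfo
        parts = children(val) if tag == 0x30 else []
        if [t for t, _ in parts] == [0x30, 0x03] and children(parts[0][1])[0][1] == RSA_ENCRYPTION:
            rsa_key = children(parts[1][1][1:])[0][1]   # skip the BIT STRING unused-bits byte
            bits = int.from_bytes(children(rsa_key)[0][1], "big").bit_length()
    name = SIG_ALGS.get(children(sig_alg[1])[0][1], "unknown")
    checks = [(bits is not None and bits < 2048, "RSA key shorter than 2048 bits"),
              (name.startswith("sha1"), "SHA-1 signature")]
    return {"key_bits": bits, "signature_algorithm": name, "findings": [m for hit, m in checks if hit]}

def tlv(tag, body):  # DER-encode one element; used only to build the constructed sample
    size = (len(body).bit_length() + 7) // 8
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | size]) + len(body).to_bytes(size, "big")
    return bytes([tag]) + head + body

def constructed_csr(bits, sig_oid):  # CSR-shaped sample with a dummy modulus and signature
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa_key = tlv(0x30, tlv(0x02, b"\x00" + modulus) + tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, RSA_ENCRYPTION) + tlv(0x05, b"")) + tlv(0x03, b"\x00" + rsa_key))
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b"") + spki + tlv(0xA0, b""))
    der = tlv(0x30, info + tlv(0x30, tlv(0x06, sig_oid) + tlv(0x05, b"")) + tlv(0x03, bytes(9)))
    return "-----BEGIN CERTIFICATE REQUEST-----\n%s-----END CERTIFICATE REQUEST-----\n" % base64.encodebytes(der).decode()

if __name__ == "__main__":
    print(inspect_pem(constructed_csr(1024, bytes.fromhex("2a864886f70d010105"))))
```

The walk does not verify the signature or the subject fields; it only reads the parameters that decide whether a request or certificate should be rejected on key size or hash algorithm.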
This example demonstrates how SSL certificates can be generated and read back. EFTlab’s team hopes that this functionality will aid your development, saving precious resources where needed. Please let us know if there is any other feature you are missing. Our team will be delighted to get some inspiration for further development.