## page was renamed from security/ssl
#format wiki
#language en
= SSL + TLS + OpenSSL =
 
 * Links: [[https://labs.detectify.com/2018/11/29/abuse-mitm-regardless-of-https/|ssl-mitm-HSTS]] , [[Linux/OpenSSL]] , [[LetsEncrypt]] , [[https://www.digicert.com/dns-caa-rr-check.htm|2017-DNS CAA Resource Record Check]]
 * [[OpenSslSelfSignedCertificate| openssl self signed certificate with ]] [[https://realpython.com/python-https/#how-are-keys-shared|SSL key exchange explained]]

 * Online check cert: https://tools.keycdn.com/ssl

 * https://wiki.samat.org/CheatSheet/OpenSSL
 * Create own cert from http://www.sendmail.org/~ca/email/other/cagreg.html

 * Creating a DigiCert UTM certificate.
   * Create pkcs12 certificate.
     {{{
openssl pkcs12 -export -inkey user-wild-aes256-4096.key -in Digicert-user_co_za.cer -certfile certs/DigiCertCA.crt -out user-wild-aes256-4096.cer.p12
     }}}
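   * Check pkcs12 certificate. A `pass:` argument is visible in the process list and shell history; `-passin file:` or `-passin env:` keeps the password off the command line.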
     {{{
openssl pkcs12 -nokeys -in user-wild-aes256-4096.cer.p12 -passin pass:MySeCrEt | less 
     }}}

== Java keytool ==
 * List keys 
   {{{ 
       keytool -list -v -keystore store.jks
   }}}
 * Export Java JKS to p12
   {{{
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 \
  -deststoretype PKCS12 -srcalias <jkskeyalias> -deststorepass <password> \
  -destkeypass <password>
   }}}

== openssl export only key or cert ==
 * Export certificate using openssl:
   {{{
      openssl pkcs12 -in keystore.p12  -nokeys -out cert.pem
   }}}
 * Export unencrypted private key (`-nodes` writes the key without a passphrase; OpenSSL 3.x deprecates it in favour of `-noenc`):
   {{{
      openssl pkcs12 -in keystore.p12  -nodes -nocerts -out key.pem
   }}}
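
The export steps above as one round trip, followed by a check that the extracted key belongs to the extracted certificate. This is an added example, not part of the original page: the key, certificate, password, file names and the functions `p12_roundtrip` and `key_matches_cert` are constructed for illustration, and the password is passed with `file:` instead of `pass:`.

```shell
#!/bin/sh
# Added example: constructed key, certificate and password (not real material).

# Return 0 only if the private key in $2 belongs to the certificate in $1.
# Both public keys are rendered as PEM SubjectPublicKeyInfo and compared.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build a throwaway PKCS#12 bundle in directory $1, then split it again
# with the same pkcs12 options used on this page.
p12_roundtrip() (
    umask 077    # key.pem is unencrypted, so keep it owner-only
    cd "$1" || exit 2
    printf '%s\n' 'constructed-demo-password' > pw.txt &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out src.key 2>/dev/null &&
    openssl req -x509 -new -key src.key -subj '/CN=demo.example' \
        -days 1 -out src.crt &&
    # Bundle key + certificate (password read from a file, not argv).
    openssl pkcs12 -export -inkey src.key -in src.crt \
        -out keystore.p12 -passout file:pw.txt &&
    # Certificate only.
    openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem \
        -passin file:pw.txt &&
    # Unencrypted private key only.
    openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem \
        -passin file:pw.txt
)

work=$(mktemp -d) &&
    p12_roundtrip "$work" &&
    key_matches_cert "$work/cert.pem" "$work/key.pem" &&
    echo "key.pem matches cert.pem"
rm -rf "$work"
```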

...
----
CategorySecurity