openssl
Onno W. Purbo onno@indo.net.id


Reference

- http://www.openssl.org
- http://www.linuxdoc.org
- http://www.redhat.com

OpenSSL

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and the related cryptography standards they require.

The openssl program is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for:

- Creation of RSA, DH and DSA key parameters
- Creation of X.509 certificates, CSRs and CRLs
- Calculation of message digests
- Encryption and decryption with ciphers
- SSL/TLS client and server tests
- Handling of S/MIME signed or encrypted mail

Standard Commands

- asn1parse: Parse an ASN.1 sequence.
- ca: Certificate Authority (CA) Management.
- ciphers: Cipher Suite Description Determination.
- crl: Certificate Revocation List (CRL) Management.
- crl2pkcs7: CRL to PKCS#7 Conversion.
- dgst: Message Digest Calculation.
- dh: Diffie-Hellman Parameter Management. Obsoleted by dhparam.
- dsa: DSA Data Management.
- dsaparam: DSA Parameter Generation.
- enc: Encoding with Ciphers.
- errstr: Error Number to Error String Conversion.
- dhparam: Generation and Management of Diffie-Hellman Parameters.
- gendh: Generation of Diffie-Hellman Parameters. Obsoleted by dhparam.
- gendsa: Generation of DSA Parameters.
- genrsa: Generation of RSA Parameters.
- ocsp: Online Certificate Status Protocol utility.
- passwd: Generation of hashed passwords.
- pkcs7: PKCS#7 Data Management.
- rand: Generate pseudo-random bytes.
- req: X.509 Certificate Signing Request (CSR) Management.
- rsa: RSA Data Management.
- rsautl: RSA utility for signing, verification, encryption, and decryption.
- s_client: Implements a generic SSL/TLS client which can establish a transparent connection to a remote server speaking SSL/TLS. It is intended for testing purposes only and provides only rudimentary interface functionality, but internally it uses nearly all of the functionality of the OpenSSL ssl library.
- s_server: Implements a generic SSL/TLS server which accepts connections from remote clients speaking SSL/TLS. It is intended for testing purposes only and provides only rudimentary interface functionality, but internally it uses nearly all of the functionality of the OpenSSL ssl library. It provides both its own command-line-oriented protocol for testing SSL functions and a simple HTTP response facility to emulate an SSL/TLS-aware webserver.
- s_time: SSL Connection Timer.
- sess_id: SSL Session Data Management.
- smime: S/MIME mail processing.
- speed: Algorithm Speed Measurement.
- verify: X.509 Certificate Verification.
- version: OpenSSL Version Information.
- x509: X.509 Certificate Data Management.

/etc/httpd/conf/

    [root@linux conf]# ls -l
    total 68
    lrwxrwxrwx 1 root root 37 May 2 04:06 Makefile -> ../../../usr/share/ssl/certs/Makefile
    -rw-r--r-- 1 root root 348 Aug 24 2000 access.conf
    -rw-r--r-- 1 root root 40561 Aug 24 2000 httpd.conf
    -rw-r--r-- 1 root root 357 Aug 24 2000 srm.conf
    drwx------ 2 root root 4096 May 2 04:06 ssl.crl
    drwx------ 2 root root 4096 May 2 04:06 ssl.crt
    drwx------ 2 root root 4096 May 2 09:43 ssl.csr
    drwx------ 2 root root 4096 May 2 04:06 ssl.key
    drwx------ 2 root root 4096 May 2 04:06 ssl.prm

make usage

    [root@linux conf]# make usage
    This makefile allows you to create:
      o public/private key pairs
      o SSL certificate signing requests (CSRs)
      o self-signed SSL test certificates
    To create a key pair, run "make SOMETHING.key".
    To create a CSR, run "make SOMETHING.csr".
    To create a test certificate, run "make SOMETHING.crt".
    To create a key and a test certificate in one file, run "make SOMETHING.pem".
    To create a key for use with Apache, run "make genkey".
    To create a CSR for use with Apache, run "make certreq".
    To create a test certificate for use with Apache, run "make testcert".

Private Key

make server.key

    [root@linux conf]# make server.key
    umask 77 ; \
    /usr/bin/openssl genrsa -des3 -rand 1024 > server.key
    0 semi-random bytes loaded
    Generating RSA private key, 512 bit long modulus
    ...++++++++++++
    ..++++++++++++
    e is 65537 (0x10001)
    Enter PEM pass phrase:
    Verifying password - Enter PEM pass phrase:

more server.key

    [root@linux conf]# more server.key
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,317BF4C50E1C590B
    X/V5VDJxPg702miehbOCsumLf2QS9vpO2YxI9BLsNrtBkPyN363UEVQ9Hsrpct
    mQhDa+/BXuUFqKtZcGJJef2kIhwqe1L5oW0RBRk5XJvOtVWkxobEuRq28f76+j
    9+gtNW9O12tTXEg+nGR5KOWd+UEOCtLyCgs2YMfUwloGYzc26lw9n77VI7g0RC
    ViiNdZLGWlg2ywFBXGVBHeuo2a8NHXxOTuFdPdBP0UCodknzd+Af761FZPJDg0
    HEvFzHUpoEExn00NzBUj0YvkUMtOXi4Q9GNB1V7UUiAJNwUZXjbjRgbUXfSMcZ
    ZY9LkHoc4cq5F4w+IN8O4KLkTfzLENdbbFP04R2BJ5ASx4r7GADaeCMaXUYuqU
    DjP5gGDIG0lHXSnn31tPBZeVX+AcYEmDU2Zbch5PxPs=
    -----END RSA PRIVATE KEY-----

Private Key

    [root@linux conf]# openssl rsa -noout -text -in server.key
    read RSA key
    Enter PEM pass phrase:
    Private-Key: (512 bit)
    modulus:
        00:a3:f6:5c:c5:39:72:54:80:41:94:6a:a0:ae:0c:
        7c:eb:d8:ac:f5
    publicExponent: 65537 (0x10001)
    privateExponent:
        10:08:c2:af:c2:db:6c:6a:12:7f:ba:21:b6:83:9e:
        fa:e3:74:e1
    prime1:
        00:d3:a3:99:4f:43:ba:b3:97:a3:bc:58:e3:58:ce:
        c6:9a:ad
    prime2:
        00:c6:54:77:29:cf:8d:8c:6a:f0:76:e5:61:db:c3:
        33:ac:69

Certificate Signing Request

make CSR

    [root@linux conf]# make server.csr
    umask 77 ; \
    /usr/bin/openssl req -new -key server.key -out server.csr
    Using configuration from /usr/share/ssl/openssl.cnf
    Enter PEM pass phrase:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:ID
    State or Province Name (full name) [Some-State]:DKI
    Locality Name (eg, city) []:Jakarta
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Free Agent
    Organizational Unit Name (eg, section) []:Owner
    Common Name (eg, your name or your server's hostname) []:www.purbo.org
    Email Address []:onno@indo.net.id
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:apa kabar
    An optional company name []:purbo.org
    [root@linux conf]#

server.csr

This is the server certificate signing request for Apache/mod_ssl corresponding to the ../ssl.crt/server.crt file. It contains the CSR, which you can send to a public Certification Authority (CA) to request a real signed certificate (which can then replace the ../ssl.crt/server.crt file).

more server.csr

    [root@linux conf]# more server.csr
    -----BEGIN CERTIFICATE REQUEST-----
    MIIBezCCASUCAQAwgYsxCzAJBgNVBAYTAklEMQwwCgYDVQQIEwNES0kxEDAOBg
    BAcTB0pha2FydGExEzARBgNVBAoTCkZyZWUgQWdlbnQxDjAMBgNVBAsTBU93bm
    MRYwFAYDVQQDEw13d3cucHVyYm8ub3JnMR8wHQYJKoZIhvcNAQkBFhBvbm5vQG
    ZG8ubmV0LmlkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKP2XMU5clSAQZRqoK
    aHiFnbiIcyt/vgx301kwmkH1DdRncuR74mIPAjSxA9Mik5cPUOUtCQmw7LCbfO
    rPUCAwEAAaA0MBgGCSqGSIb3DQEJAjELEwlwdXJiby5vcmcwGAYJKoZIhvcNAQ
    MQsTCWFwYSBrYWJhcjANBgkqhkiG9w0BAQQFAANBADnl/mBcXOkFv6I8PV5oWC
    BH5Ppxx0T4bON2vaE2DPiEdneWdbt5QoJBw7AO1zWuGSxhQDEx4RaEx6sEfXX2
    -----END CERTIFICATE REQUEST-----
    [root@linux conf]#

server.csr

    [root@linux conf]# openssl req -noout -text -in server.csr
    Using configuration from /usr/share/ssl/openssl.cnf
    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: C=ID, ST=DKI, L=Jakarta, O=Free Agent, OU=Owner, CN=www.purbo.org/Email=onno@indo.net.id
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (512 bit)
                    Modulus (512 bit):
                        00:a3:f6:5c:c5:39:72:54:80:41:94:6a:a0:ae:0c:
                        03:d3:22:93:97:0f:50:e5:2d:09:09:b0:ec:b0:9b:
                        7c:eb:d8:ac:f5
                    Exponent: 65537 (0x10001)
            Attributes:
                unstructuredName :purbo.org
                challengePassword :apa kabar
        Signature Algorithm: md5WithRSAEncryption
            39:e5:fe:60:5c:5c:e9:05:bf:a2:3c:3d:5e:68:58:2f:9b:04:
            7e:4f:a7:1c:74:4f:86:ce:37:6b:da:13:60:cf:88:47:67:79:
            67:5b:b7:94:28:24:1c:3b:00:ed:73:5a:e1:92:c6:14:03:13:
            1e:11:68:4c:7a:b0:47:d7:5f:6d
    [root@linux conf]#

Digital Certificate (Self Signed)

make CRT

    [root@linux conf]#
    [root@linux conf]# make server.crt
    umask 77 ; \
    /usr/bin/openssl req -new -key server.key -x509 -days 365 -out server.crt
    Using configuration from /usr/share/ssl/openssl.cnf
    Enter PEM pass phrase:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:ID
    State or Province Name (full name) [Some-State]:DKI
    Locality Name (eg, city) []:Jakarta
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Free Agent
    Organizational Unit Name (eg, section) []:Owner
    Common Name (eg, your name or your server's hostname) []:www.purbo.org
    Email Address []:onno@indo.net.id
    [root@linux conf]#

/etc/httpd/conf/ssl.crt

The ssl.crt/ directory is where Apache/mod_ssl stores PEM-encoded X.509 certificates for SSL. server.crt is the server certificate for Apache/mod_ssl, configured with the SSLCertificateFile directive.

more server.crt

    [root@linux conf]# more server.crt
    -----BEGIN CERTIFICATE-----
    MIIC9TCCAp+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMCSU
    DDAKBgNVBAgTA0RLSTEQMA4GA1UEBxMHSmFrYXJ0YTETMBEGA1UEChMKRnJlZS
    Z2VudDEOMAwGA1UECxMFT3duZXIxFjAUBgNVBAMTDXd3dy5wdXJiby5vcmcxHz
    BgkqhkiG9w0BCQEWEG9ubm9AaW5kby5uZXQuaWQwHhcNMDEwNTAzMDE0MTE1Wh
    MDIwNTAzMDE0MTE1WjCBizELMAkGA1UEBhMCSUQxDDAKBgNVBAgTA0RLSTEQMA
    A1UEBxMHSmFrYXJ0YTETMBEGA1UEChMKRnJlZSBBZ2VudDEOMAwGA1UECxMFT3
    ZXIxFjAUBgNVBAMTDXd3dy5wdXJiby5vcmcxHzAdBgkqhkiG9w0BCQEWEG9ubm
    aW5kby5uZXQuaWQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAo/ZcxTlyVIBBlG
    rgxoeIWduIhzK3++DHfTWTCaQfUN1Gdy5HviYg8CNLED0yKTlw9Q5S0JCbDssJ
    69is9QIDAQABo4HrMIHoMB0GA1UdDgQWBBT995mg/pKwzq5yZSSK9jCpxRzbtT
    uAYDVR0jBIGwMIGtgBT995mg/pKwzq5yZSSK9jCpxRzbtaGBkaSBjjCBizELMA
    A1UEBhMCSUQxDDAKBgNVBAgTA0RLSTEQMA4GA1UEBxMHSmFrYXJ0YTETMBEGA1
    ChMKRnJlZSBBZ2VudDEOMAwGA1UECxMFT3duZXIxFjAUBgNVBAMTDXd3dy5wdX
    Qw4hIPMdJ5eer6qBUaiIl5G9yurxeAOPkSd58OVsmX1KwQIm2kLZtwY=
    -----END CERTIFICATE-----
    [root@linux conf]#

server.crt

    [root@linux conf]# openssl x509 -noout -text -in server.crt
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 0 (0x0)
            Signature Algorithm: md5WithRSAEncryption
            Issuer: C=ID, ST=DKI, L=Jakarta, O=Free Agent, OU=Owner, CN=www.purbo.org/Email=onno@indo.net.id
            Validity
                Not Before: May 3 01:41:15 2001 GMT
                Not After : May 3 01:41:15 2002 GMT
            Subject: C=ID, ST=DKI, L=Jakarta, O=Free Agent, OU=Owner, CN=www.purbo.org/Email=onno@indo.net.id
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (512 bit)
                    Modulus (512 bit):
                        00:a3:f6:5c:c5:39:72:54:80:41:94:6a:a0:ae:0c:
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    FD:F7:99:A0:FE:92:B0:CE:AE:72:65:24:8A:F6:30:A9:
                X509v3 Authority Key Identifier:
                    keyid:FD:F7:99:A0:FE:92:B0:CE:AE:72:65:24:8A:
                    DirName:/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id
                    serial:00
                X509v3 Basic Constraints:
                    CA:TRUE
        Signature Algorithm: md5WithRSAEncryption
            8d:af:9e:12:ee:90:42:e4:0c:fc:40:dd:f7:b0:08:6f:17:d5:
    [root@linux conf]#
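A check one could run over the files produced above, added here as an example that is not part of the original slides: audit_cert_text flags the 512-bit key, MD5 signature and self-signed issuer visible in the openssl x509 -text output, while make_cert and same_modulus repeat the key, CSR and certificate steps non-interactively and confirm that all three carry one modulus. The function names, the 2048-bit floor, the SHA-256 digest and the omitted pass phrase are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the slides: audit the files the walkthrough creates.

# Abridged, unwrapped excerpt of the page's `openssl x509 -noout -text` output.
PAGE_CERT_TEXT='Certificate:
    Data:
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=ID, ST=DKI, L=Jakarta, O=Free Agent, OU=Owner, CN=www.purbo.org/Email=onno@indo.net.id
        Subject: C=ID, ST=DKI, L=Jakarta, O=Free Agent, OU=Owner, CN=www.purbo.org/Email=onno@indo.net.id
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)'

# audit_cert_text: read certificate text on stdin, print one finding per line.
# The 2048-bit floor and the MD2/MD5/SHA-1 list are this example's assumptions.
audit_cert_text() (
    text=$(cat)
    # field REGEX: first capture group of the first matching line.
    field() { printf '%s\n' "$text" | sed -n -E "s/$1/\\1/p" | head -n 1; }
    bits=$(field '.*Public[- ]Key: \(([0-9]+) bit\).*')
    sigalg=$(field '^ *Signature Algorithm: *(.*)$')
    issuer=$(field '^ *Issuer: *(.*)$')
    subject=$(field '^ *Subject: *(.*)$')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then echo "WEAK_KEY $bits bit"; fi
    case "$sigalg" in
        md2*|md5*|sha1*) echo "WEAK_SIGNATURE $sigalg" ;;
    esac
    if [ -n "$issuer" ] && [ "$issuer" = "$subject" ]; then echo "SELF_SIGNED"; fi
)

# make_cert DIR: the walkthrough's key -> CSR -> self-signed certificate steps,
# non-interactive via -subj. Assumptions that differ from the slides: 2048-bit
# key, SHA-256 digest, and no pass phrase so the demo runs unattended.
make_cert() (
    umask 077
    cd "$1" || exit 1
    subj='/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org'
    openssl genrsa -out server.key 2048 2>/dev/null &&
    openssl req -new -sha256 -key server.key -subj "$subj" -out server.csr &&
    openssl req -new -sha256 -key server.key -subj "$subj" -x509 -days 365 \
        -out server.crt
)

# same_modulus DIR: succeed only if key, CSR and certificate share one RSA
# modulus, i.e. the certificate and request really belong to this private key.
same_modulus() (
    cd "$1" || exit 1
    k=$(openssl rsa -noout -modulus -in server.key) || exit 1
    r=$(openssl req -noout -modulus -in server.csr) || exit 1
    c=$(openssl x509 -noout -modulus -in server.crt) || exit 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
)

# Demo on the page's own certificate text; prints the WEAK_KEY, WEAK_SIGNATURE
# and SELF_SIGNED findings.
printf '%s\n' "$PAGE_CERT_TEXT" | audit_cert_text
```

To audit a certificate file, pipe it through the same function: openssl x509 -noout -text -in server.crt | audit_cert_text.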

Testing s_client

s_client

    [root@linux conf]# openssl s_client -host localhost -port 443
    CONNECTED(00000003)
    depth=0 /C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id
    verify error:num=18:self signed certificate
    verify return:1
    ---
    Certificate chain
     0 s:/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id
       i:/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id

The slides label two parts of this output: "Command Line" (the openssl s_client invocation) and "Self-Signed Certificate" (the verify error num=18 line; the chain's subject s: and issuer i: are identical).

s_client ..

    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIC9TCCAp+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMCSU
    DDAKBgNVBAgTA0RLSTEQMA4GA1UEBxMHSmFrYXJ0YTETMBEGA1UEChMKRnJlZS
    Qw4hIPMdJ5eer6qBUaiIl5G9yurxeAOPkSd58OVsmX1KwQIm2kLZtwY=
    -----END CERTIFICATE-----
    subject=/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id
    issuer=/C=ID/ST=DKI/L=Jakarta/O=Free Agent/OU=Owner/CN=www.purbo.org/Email=onno@indo.net.id

The slides label the subject= line "Who are you.." and the issuer= line "Issuer / Certificate Authority".

s_client ..

    ---
    No client certificate CA names sent
    SSL handshake has read 1221 bytes and written 314 bytes
    New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
    Server public key is 512 bit
    SSL-Session:
        Protocol : TLSv1
        Cipher : EDH-RSA-DES-CBC3-SHA
        Session-ID:
        Session-ID-ctx:
        Master-Key: F597E6EEDB4B6C6FADFC7AEDDC0E66F4740E7EB8486F03
        Key-Arg : None
        Start Time: 988936497
        Timeout : 300 (sec)
        Verify return code: 0 (ok)

The slides label the Master-Key line "Master Key".

s_client ..

    ---
    GET /
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <HTML>
    <HEAD>
    <TITLE>Test Page for the Apache Web Server on Red Hat Linux</TITLE>
    </HEAD>
    <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
    <BODY BGCOLOR="#FFFFFF">
    <H1 ALIGN="CENTER">Test Page</H1>
    This page is used to test the proper operation of the Apache Web server after it has been installed. If you can read this page, it means that the Apache Web server installed at this site is working properly.
    </HTML>
    closed
    [root@linux conf]#