lost and found ( for me ? )


openssl : generate a self signed certificate which supports subject alternative name

Here are the logs from generating a self-signed certificate that supports Subject Alternative Name (SAN).

# dpkg -l openssl
ii  openssl            1.0.1f-1ubuntu amd64          Secure Sockets Layer toolkit - cryptograp

First, edit openssl.cnf.
Where is openssl.cnf?
# locate openssl.cnf
/etc/ssl/openssl.cnf
/usr/lib/ssl/openssl.cnf

Change to the directory and back up the original file.
# cd /etc/ssl/
# cp openssl.cnf openssl.cnf.org

Edit openssl.cnf: in the [ req ] section, set req_extensions = v3_req.
[ req ]
default_bits            = 2048
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
req_extensions = v3_req
attributes              = req_attributes

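Edit openssl.cnf: in the [ v3_req ] section, set subjectAltName and add an [alt_names] section listing the DNS names.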
[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = www.foo.com
DNS.2 = www.bar.org
DNS.3 = www.foobar.net

generate a private key
# openssl genrsa -out ssl_san.key 2048
Generating RSA private key, 2048 bit long modulus
..................................................................................+++
.................+++
e is 65537 (0x10001)

generate the CSR.
Specify “www.foo.com” as the Common Name.
# openssl req -new -out ssl_san.csr -key ssl_san.key -config /etc/ssl/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:www.foo.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

dump the CSR info.
# openssl req -text -noout -in ssl_san.csr
Certificate Request:
   Data:
       Version: 0 (0x0)
       Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=www.foo.com

       Attributes:
       Requested Extensions:
           X509v3 Basic Constraints:
               CA:FALSE
           X509v3 Key Usage:
               Digital Signature, Non Repudiation, Key Encipherment
           X509v3 Subject Alternative Name:
               DNS:www.foo.com, DNS:www.bar.org, DNS:www.foobar.net

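create the self-signed certificate.
The -extensions and -extfile options are needed here because "openssl x509 -req" does not copy the extensions requested in the CSR into the certificate.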
# openssl x509 -req -days 365 -in ssl_san.csr -signkey ssl_san.key -out ssl_san.crt -extensions v3_req -extfile /etc/ssl/openssl.cnf
Signature ok
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=www.foo.com
Getting Private key

dump the cert info.
# openssl x509 -text -in ssl_san.crt
Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number: 14707573325970862199 (0xcc1bcc041280f077)
   Signature Algorithm: sha256WithRSAEncryption
       Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=www.foo.com

       X509v3 extensions:
           X509v3 Basic Constraints:
               CA:FALSE
           X509v3 Key Usage:
               Digital Signature, Non Repudiation, Key Encipherment
           X509v3 Subject Alternative Name:
               DNS:www.foo.com, DNS:www.bar.org, DNS:www.foobar.net
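
The same procedure without prompts, as an added example (not part of the original post): it uses a private config file instead of editing /etc/ssl/openssl.cnf, and signs the CSR twice to show that the SAN only reaches the certificate when -extfile/-extensions are given. The file names san.cnf, with_ext.crt and no_ext.crt and both function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example: non-interactive version of the SAN procedure.
# san.cnf, with_ext.crt, no_ext.crt and the function names are assumed names.

make_san_cert() {   # usage: make_san_cert <work-dir>
    d=$1
    cat > "$d/san.cnf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = req_dn
req_extensions     = v3_req

[ req_dn ]
CN = www.foo.com

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = www.foo.com
DNS.2 = www.bar.org
DNS.3 = www.foobar.net
EOF
    openssl genrsa -out "$d/ssl_san.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/ssl_san.key" -out "$d/ssl_san.csr" -config "$d/san.cnf" &&
    # Same signing command as in the post: extensions are re-read from the config.
    openssl x509 -req -days 365 -in "$d/ssl_san.csr" -signkey "$d/ssl_san.key" \
        -out "$d/with_ext.crt" -extensions v3_req -extfile "$d/san.cnf" 2>/dev/null &&
    # Without -extfile/-extensions the CSR's requested extensions are not copied.
    openssl x509 -req -days 365 -in "$d/ssl_san.csr" -signkey "$d/ssl_san.key" \
        -out "$d/no_ext.crt" 2>/dev/null
}

# Print the SAN list of a certificate with spaces removed, or nothing if absent.
san_names() {
    openssl x509 -noout -text -in "$1" |
        sed -n '/Subject Alternative Name/{n;s/ //g;p;}'
}

# Demo run in a throwaway directory.
d=$(mktemp -d) && make_san_cert "$d"
echo "with -extfile   : $(san_names "$d/with_ext.crt")"
echo "without -extfile: $(san_names "$d/no_ext.crt")"
rm -rf "$d"
```
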


openssl : check vulnerability CVE-2014-0160 using Heartbleed

Here is how to check whether your OpenSSL libraries are vulnerable to CVE-2014-0160.

install go 1.2 which is required to use Heartbleed.
# go version
go version go1.2 linux/amd64

install Heartbleed.
# go get github.com/FiloSottile/Heartbleed
# go install github.com/FiloSottile/Heartbleed

# which Heartbleed
/root/.gvm/pkgsets/go1.2/global/bin/Heartbleed

# Heartbleed  --help
Usage of Heartbleed:
 -starttls="": use STARTTLS

# Heartbleed  192.168.0.1:443
2014/04/09 21:31:05 192.168.0.1:443 - SAFE

# Heartbleed 192.168.0.2:443
2014/04/09 13:00:07 ([]uint8) {
00000000  02 00 79 68 65 61 72 74  62 6c 65 65 64 2e 66 69  |..yheartbleed.fi|
00000010  6c 69 70 70 6f 2e 69 6f  59 45 4c 4c 4f 57 20 53  |lippo.ioYELLOW S|
00000020  55 42 4d 41 52 49 4e 45  9e ec 94 05 14 3c 96 75  |UBMARINE.....<.u|
00000030  76 5c ab 5b 0b 69 8f fd  cb 97 8a 00 b9 b2 25 29  |v\.[.i........%)|
00000040  7e 3e 50 23 9b 17 e7 0c  75 4b 1c 0c 7d 21 99 89  |~>P#....uK..}!..|
00000050  aa ed dc 67 e0 41 51 05  a6 40 b8 6d 0e 55 50 cb  |...g.AQ..@.m.UP.|
00000060  ca 96 f1 3d 83 10 82 60  12 8c d6 fd da b6 35 79  |...=...`......5y|
00000070  07 18 b3 48 5c e9 5b f5  2b 2c 4e 87 49 84 71 10  |...H\.[.+,N.I.q.|
00000080  16 bf bd 6c 12 65 ef 33  02 a9 22 38              |...l.e.3.."8|
}

2014/04/09 22:00:07 192.168.0.2:443 - VULNERABLE

Fedora 19: mount cirros qcow2 image with guestfs-tools

small tips

When evaluating OpenStack RDO using cirros images, I wanted to change the root user’s credentials from the default credentials “cubswin:)” to other letters before booting instances, because I could not enter a colon “:” via VNC in my environment for some reason.

Here’s how to mount cirros qcow2 image and edit /etc/shadow.

I changed credentials to hello.
generate the password hash for the shadow file
# echo "hello"| openssl passwd -1 -stdin
$1$/xfGm6Qk$zSUqaHU5nycXbK/Za.D1v0

install libguestfs-tools and mount qcow2 image.
# yum install libguestfs-tools


- mount qcow2 image

# mkdir mnt
# guestmount --rw -a cirros-0.3.1-x86_64-disk.img -i mnt

# cd mnt/

# cd etc/


- before editing shadow

# cat shadow
root:!$1$LJwQnqlv$DK6oKqcTq9Rf2ClC.kMa3/:10933:0:99999:7:::
bin:*:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
adm:*:10933:0:99999:7:::
lp:*:10933:0:99999:7:::
sync:*:10933:0:99999:7:::
shutdown:*:10933:0:99999:7:::
halt:*:10933:0:99999:7:::
uucp:*:10933:0:99999:7:::
operator:*:10933:0:99999:7:::
ftp:*:10933:0:99999:7:::
nobody:*:10933:0:99999:7:::
cirros:$1$LJwQnqlv$DK6oKqcTq9Rf2ClC.kMa3/:10933:0:99999:7:::

# cp shadow shadow.org


- after editing shadow file

# cat shadow
root:$1$/xfGm6Qk$zSUqaHU5nycXbK/Za.D1v0:10933:0:99999:7:::
bin:*:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
adm:*:10933:0:99999:7:::
lp:*:10933:0:99999:7:::
sync:*:10933:0:99999:7:::
shutdown:*:10933:0:99999:7:::
halt:*:10933:0:99999:7:::
uucp:*:10933:0:99999:7:::
operator:*:10933:0:99999:7:::
ftp:*:10933:0:99999:7:::
nobody:*:10933:0:99999:7:::
cirros:$1$/xfGm6Qk$zSUqaHU5nycXbK/Za.D1v0:10933:0:99999:7:::


# cd ../..

- unmount

# guestunmount mnt/



openssl s_client : verify error:num=20:unable to get local issuer certificate

small tips.

Here’s how to solve an error “verify error:num=20:unable to get local issuer certificate” when connecting to HTTPS sites with “openssl s_client” command.

# openssl s_client -connect google.com:443
CONNECTED(00000003)
depth=1 C = US, O = Google Inc, CN = Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
  i:/C=US/O=Google Inc/CN=Google Internet Authority
1 s:/C=US/O=Google Inc/CN=Google Internet Authority
  i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority


There are two ways to solve this.

  1. specify the server certificate file

Create a file containing the text from “-----BEGIN CERTIFICATE-----” to “-----END CERTIFICATE-----”.
# cat google.crt
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----

Specify the file with the -CAfile option.
# openssl s_client -CAfile google.crt -connect www.google.com:443 -debug -showcerts
CONNECTED(00000003)
write to 0x1944250 [0x196b780] (226 bytes => 226 (0xE2))
0000 - 16 03 01 00 dd 01 00 00-d9 03 02 51 42 cb 45 7a   ...........QB.Ez
0010 - 10 cc 75 53 74 bc 61 6e-29 98 28 64 30 23 69 d7   ..uSt.an).(d0#i.
0020 - 76 8e 16 2b 58 ec 93 76-62 4a 82 00 00 66 c0 14   v..+X..vbJ...f..
<snip>
   0050 - f6 69 67 d4 a0 c0 9c d1-8e fb c2 e7 ea a3 a6 d6   .ig.............
   0060 - d4 48 fa 77 9a d7 24 09-49 e9 8b 7d f4 de ad 2d   .H.w..$.I..}...-
   0070 - d5 ac a7 a7 c6 4d f5 07-bc bd 08 a5 cf 97 02 91   .....M..........
   0080 - e5 41 df 87 a9 df 93 df-86 af f6 38 e7 46 c3 b3   .A.........8.F..
   0090 - 98 63 60 df                                       .c`.

   Start Time: 1363331909
   Timeout   : 300 (sec)
   Verify return code: 0 (ok)
---
GET / HTTP/1.0
write to 0x1944250 [0x1975233] (40 bytes => 40 (0x28))
0000 - 17 03 02 00 23 15 22 62-d2 f3 45 c2 7d 0a 6d 04   ....#."b..E.}.m.
0010 - 28 b9 01 ad dd 57 46 30-78 f6 75 04 e7 4a cf 4b   (....WF0x.u..J.K
<snip>
#


  2. specify the root CA certificate file

On Ubuntu 12.04, the CA certificate file is located at /etc/ssl/certs/ca-certificates.crt.
The file name and location of the CA certificate file may differ between distributions or versions.
root@ubuntu1204-vm1:~# update-ca-certificates
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.

root@ubuntu1204-vm1:~# updatedb

root@ubuntu1204-vm1:~# locate ca-certificates.crt
/etc/ssl/certs/ca-certificates.crt


Specify the CA cert file.
root@ubuntu1204-vm1:~# openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect www.google.com:443 -debug -showcerts
CONNECTED(00000003)
write to 0x2309250 [0x2330780] (226 bytes => 226 (0xE2))
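
The error can be reproduced offline, as an added example (not part of the original post): it builds a constructed root CA and leaf certificate and checks them with "openssl verify" instead of "openssl s_client", showing error 20 without the root and success once the root is passed with -CAfile. All file names, subject names and both function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example: reproduce "error 20" offline with a constructed root CA and leaf.
# ca.cnf, the file names, the subject names and the function names are assumed.

make_chain() {   # usage: make_chain <work-dir>
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
CN = Constructed Test Root
[ v3_ca ]
basicConstraints = critical, CA:TRUE
EOF
    # Self-signed root (stands in for a root CA missing from the trust store).
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    # Leaf key and CSR, then a leaf certificate issued by that root.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=leaf.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/leaf.crt" 2>/dev/null
}

# Run "openssl verify" with the given arguments and print 0 (ok), 20, or "other".
verify_code() {
    out=$(openssl verify "$@" 2>&1) || true
    case $out in
        *"error 20 "*) echo 20 ;;
        *": OK"*)      echo 0 ;;
        *)             echo other ;;
    esac
}

# Demo run in a throwaway directory.
d=$(mktemp -d) && make_chain "$d"
echo "without -CAfile: $(verify_code "$d/leaf.crt")"
echo "with -CAfile   : $(verify_code -CAfile "$d/ca.crt" "$d/leaf.crt")"
rm -rf "$d"
```
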

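The openssl s_client command.

With this, you can check all kinds of SSL services (https, smtps, pops, and so on) from the CLI.

Just change -port.

For smtps, use -port 465
For pop3s, use -port 995

and so on.


Below is the result of an https connection.
I typed the GET / HTTP/1.0 shown below by hand.
It also displays the cipher suite, session ID and so on, so it looks quite useful.

-reconnect uses the session ID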

# openssl s_client -host 127.1 -port 443 -state -prexit -reconnect
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 /C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
i:/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
---
Server certificate
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
subject=/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
issuer=/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
---
No client certificate CA names sent
---
SSL handshake has read 1349 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
GET / HTTP/1.0

HTTP/1.1 200 OK
Date: Wed, 02 Dec 2009 18:30:08 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 01 Dec 2009 18:20:06 GMT
ETag: "2a82d-6-ceb3c180"
Accept-Ranges: bytes
Content-Length: 6
Connection: close
Content-Type: text/html; charset=UTF-8
X-Pad: avoid browser bug

hello
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify
---
Certificate chain
0 s:/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
i:/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
---
Server certificate
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
subject=/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
issuer=/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
---
No client certificate CA names sent
---
SSL handshake has read 489 bytes and written 379 bytes
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
#