Verify if numbers are prime:
$ openssl prime 119054759245460753 1A6F7AC39A53511 is not prime $
Encrypt a file with your favorite cipher:
openssl list-cipher-commands
base64 encode a file
openssl enc -base64 -in file.txt
Generate a shadow-style password hash:
$ openssl passwd -1 MySecret $1$sXiKzkus$haDZ9JpVrRHBznY5OxB82. $
Many others. I never knew it could do some much. Thanks madboa.com.
Also, I played around with openssl while updating certificates for about 30 web servers. I was able to check that the new cert was installed correctly on all of the hosts easily looking at that host's SSL finger prints as served from Apache:
echo EOF | openssl s_client -connect $host:443 -showcerts | openssl x509 -fingerprint -noout -md5The above fits well into a bash loop which can be run before and after you replace the certs:
for x in `cat vhosts.txt`; do
echo "vhost: $x";echo EOF | openssl \
s_client -connect $x:443 -showcerts \
| openssl x509 -fingerprint -noout \
-md5;
done
| egrep "vhost|Fingerprint" > finger_prints.txt
You can then diff the finger prints files to verify that they're what you're expecting them to be.
No comments:
Post a Comment