Read(ing) it. Recommend it.
The Phoenix Project – Gene Kim et al.
Site Reliability Engineering – Beyer et al.
DevSecOps – Glenn Wilson.
Scrum Master – Joe Justice.
The Singularity Is Near – Ray Kurzweil.
On Ubuntu 20.
Digital certificates are a fundamental part of modern security. They assist in proving authenticity, meaning they help prove something, or someone, is who they claim to be.
File Formats (PFX & PKCS #12)
Certificates are stored and transferred as files.
Wikipedia explains the file types well:
“In cryptography, PKCS #12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.”
“PKCS #12 is the successor to Microsoft’s “PFX”;[5] however, the terms “PKCS #12 file” and “PFX file” are sometimes used interchangeably.”
– https://en.wikipedia.org/wiki/PKCS_12
View File Contents
certutil -dump filename.pfx
openssl.exe pkcs12 -info -in c:\temp\cert.pfx
# For help: openssl pkcs12 -help
Extract Certificate
# -clcerts = only output client certificate
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt]
# -cacerts = only output CA certificates
openssl pkcs12 -in [yourfile.pfx] -cacerts -nokeys -out [drlive.bundle]
Extract Private Key
openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key]
openssl rsa -in [drlive.key] -out [drlive-decrypted.key]
Create Intermediate Certificate Bundle
From PFX file:
# -cacerts = only output CA certificates
openssl pkcs12 -in [yourfile.pfx] -cacerts -nokeys -out [drlive.bundle]
From CRT files:
Check Certificate
openssl x509 -in certname.crt -text -noout
Check Key
openssl rsa -in keyname.decrypted.key -check
Check Key Matches Certificate
The two MD5 digests should match:
openssl x509 -noout -modulus -in certname.crt | openssl md5
openssl rsa -noout -modulus -in keyname.decrypted.key | openssl md5
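The same check as a script, added here as an example rather than taken from the original post: it compares the full public key instead of an MD5 of the RSA modulus, so it also covers EC keys, and it treats unreadable input as an error rather than a match. The file names, CN and function names are constructed for the demo, and the private key is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example. All file names and the CN are constructed throwaway values.

# Returns 0 when the certificate's public key equals the public key derived
# from the private key, 1 on mismatch, 2 when either file cannot be parsed.
# Comparing public keys works for RSA and EC alike; -modulus is RSA only.
# Assumes an unencrypted private key, such as the decrypted key file.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    # Two failed reads would hash or compare as identical empty strings,
    # so empty output must never count as a match.
    [ -n "$cert_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Build constructed test material in directory $1: an RSA key with a matching
# self-signed certificate, an unrelated RSA key, and an EC key/certificate pair.
make_samples() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/a.key" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/b.key" 2>/dev/null &&
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1/e.key" 2>/dev/null &&
    openssl req -x509 -new -key "$1/a.key" -subj "/CN=example.test" -days 1 -out "$1/a.crt" 2>/dev/null &&
    openssl req -x509 -new -key "$1/e.key" -subj "/CN=example.test" -days 1 -out "$1/e.crt" 2>/dev/null
}

# Demo run: one matching RSA pair, one mismatched pair, one matching EC pair.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for pair in "a.crt a.key" "a.crt b.key" "e.crt e.key"; do
    set -- $pair
    if key_matches_cert "$demo_dir/$1" "$demo_dir/$2"; then
        echo "$1 + $2: MATCH"
    else
        echo "$1 + $2: no match"
    fi
done
rm -rf "$demo_dir"   # the generated private keys are throwaway material
```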
Test a Live Site Certificate
openssl s_client -connect example.com:443 -servername example.com
Welcome to Dev-Doc-Ops!
It’s a space for Engineering Technologists, focusing on how to work with modular, open-source, & service-oriented architectural building-blocks, to create modern platforms for digital services.
Core interests & practices:
Public cloud hosting (mainly AWS), Microservices/SOA/REST API, DevOps delivery, Agile/SCRUM ways of working, Cyber Security/DevSecOps practices, GitOps.
There are likely to be posts on other interesting topics too; the common thread being technology & engineering.