Results 1 to 7 of 7

Thread: openssl server

  1. #1
    Member
    Join Date
    Feb 2008
    Posts
    74

    Default openssl server

    Hi,

    Firstable, I am using BT5 on vmware in a standalone machine. I am trying to setup a SSL server to capture requests on port 443. I am using the following command -> "openssl s_server -accept 443 -www". However, I get an error indicating that it can't find the server.pem. I google how to create the certs, but it is not clear if the machine needs to have access to the internet or not in order to create the server.pem? I was able to create all other certs (privkey.pem, server.csr, etc) but not the server.pem. If BT5 needs to access the internet for this, is there any other way of creating that cert that won't required internet access?
    Last edited by algemy; 09-29-2011 at 12:43 PM.

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: openssl server

    Why haven't you simply tried creating server.pem without internet access?

    I've never done it but I'm 90% sure you don't need internet access to generate the needed keys. However it seems fairly easy to come to 100% answer yourself.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Just burned their ISO
    Join Date
    Sep 2011
    Location
    Matrix
    Posts
    18

    Default Re: openssl server

    Hello,

    Here you will find the answer =)

    Have a nice Day

  4. #4
    Member
    Join Date
    Feb 2008
    Posts
    74

    Default Re: openssl server

    Thorin, I did try unsuscesfully. The following were the commands I used:
    openssl req -config /etc/ssl/openssl.cnf -new -out server.csr
    openssl rsa -in privkey.pem -out server.key
    openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
    According to my notes, the first command should have created the privkey.pem, server.csr, and server.pem. It only created the first two but not the privkey.pem.

    Bambuka, I'll check it out.

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: openssl server

    None of the commands you've list deal with server.pem so of course it hasn't been created you never told anything to create it.

    It seems you have all the pieces that you need though.

    server.csr -> Your certificate signing request
    privkey.pem -> Your encrypted private key
    server.key -> Your un-encrypted private key
    server.crt -> Your certificate

    I'm guessing that you didn't follow the instructions you started with exactly or that you're getting caught up in specific details from one instruction set or another that aren't identical to what you've done in the end. i.e.: You've looked at instruction sets A and B. In A you created privkey.pem and in B it refers to that as server.pem or something like that.....
    Last edited by thorin; 10-03-2011 at 03:17 PM.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default Re: openssl server

    Code:
    openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
    It's been a while since I generated a certificate so I looked this up (openssl x509 -help) - is it that hard to read the man page and discover that the file specified by "-out" is your generated certificate... and if you really wanted to get advanced that the switch "-outform" will give you an output format of your choosing... with a default of PEM... which, if you follow me here boys and girls, means that server.crt is actually a differently named server.pem, by virtue of being the specified output file with the default formatting.

    There are manual pages. Read them. We all had to, to learn. If you pick up the habit now, it makes things a hell of a lot easier later on.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  7. #7
    Member
    Join Date
    Feb 2008
    Posts
    74

    Default Re: openssl server

    The link that bambuka provided, help to generate the server.pem. I got the SSL server setup by running the following command "openssl s_server -accept 443 -cert /etc/ssl/certs/server.pem -www". I had to specify the location of the server.pem certificate because it kept failing with some error indicating it couldn't find it, if I didn't.

    Gitsnik, I did read the man files, and I knew that the "-out" indicated the certificate that was being generated. However, I couldn't find an explanation indicating what was needed to create this certificate ("xx.pem"). According to the documentation I mentioned above, indicated that the "pem" certificate is encrypted. Also, the manual pages don't tell that you need to generate some certificates or which ones are before you can use openssl as a server.

    Thank you for your help

Similar Threads

  1. Replies: 2
    Last Post: 11-30-2010, 11:55 PM
  2. Metasploit Framework - Server Started - No Server Started
    By mcurran in forum Beginners Forum
    Replies: 1
    Last Post: 02-07-2010, 01:11 AM
  3. vnc server
    By purehate in forum OLD BackTrack v2.0 Final
    Replies: 11
    Last Post: 05-03-2009, 06:59 AM
  4. VMware Server and Windows Server 2003
    By Zo7779 in forum OLD General IT Discussion
    Replies: 3
    Last Post: 05-08-2008, 05:53 AM
  5. openssl determination
    By crate in forum OLD Pentesting
    Replies: 3
    Last Post: 04-07-2008, 07:04 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •