Connect to the server using s_client and download the certificate to cert.txt
openssl s_client -connect server:port > cert.txt
Verify the expiry date from the downloaded certificate
openssl x509 -in cert.txt -noout -enddate
Date | Event |
---|---|
1984 | |
January 1984 | Richard Stallman quits his job at MIT and starts working on the GNU Project. |
1985 | |
Month unknown | Free Software Foundation, an organization for creating and promoting free software, is founded by Richard Stallman. |
March 1985 | The GNU manifesto, a statement by Richard Stallman advocating the cause of free software movement, is published in the March 1985 issue of Dr. Dobb's Journal |
1991 | |
August 25 1991 | Linus conceives the idea of Linux and announces the project in a Usenet Post |
September 1991 | Version 0.01 is released on the Net |
1992 | |
January 1992 | First Linux Newsgroup: alt.os.linux founded in the UseNet |
April 1992 | Ari Lemmke starts the popular Linux newsgroup comp.os.linux in the UseNet |
November 1992 | Adam Richter announces the release of the first Linux Distribution from his company: Yggdrasil |
1993 | |
June 1993 | Slackware, the famous Linux distribution is released by Peter Volkerding |
August 1993 | Matt Welsh releases Linux Installation and getting started: version 1 |
1994 | |
March 1994 | Linux kernel version 1.0 is released |
Ohhhh Goodness......!
So though of sharing some information ( commands rather which I commonly use) on it..
This world is no more secure....! . Especially when it comes to communication, needs to be more cautious.
To protect information passed to and from a web site we use encryption using SSL/TLS. we need a way to certify the identity of either the client or the server or the both (in the case of two way SSL) . The client can authenticate using using a username and password, but the server needs some mechanism to prove that the information you are sending to it actually ends up in the right hands.
Take the case of a credit card transaction. We need to know that we are communicating to the correct party and that the information we are passing are transmitted in a secure way and also that the the message is not tampered. HTTPS solves the above problems. It guarantees the identity of the server (and optionally, also the identity of the client) through the usage of certificates as well as provide encryption for the communication.
PKI - Every entity is associated with one public and one private key. When two entities communicate both parties use their own private key and their counterparts use the public key, to make sure that only the two entities can talk to each other.
A public key is essentially a publically available number associated with a particular entity, and everyone who is supposed to communicate securely with the entity should know this number.
A private key is also a number, but one that is kept a secret. In a typical public key crypto system, such as DSA, a private key corresponds to exactly one public key.
Only the private key can be used to create a signature, but the public key can be used to verfiy the signature. This means that the private/public key combination means that an entity can guarantee that it knows its private key without giving away what it is.
"keytool is a key and certificate management utility. It enables users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or data integrity and authentication services, using digital signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers."
Java Keytool is a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates. Java Keytool stores the keys and certificates in what is called a keystore. A Keytool keystore contains the private key and any certificates necessary to complete a chain of trust and establish the trustworthiness of the primary certificate.
Each certificate in a Java keystore is associated with a unique alias. When creating a Java keystore you will first create the .jks file that will initially only contain the private key. You will then generate a CSR and have a certificate generated from it. Then you will import the certificate to the keystore including any root certificates.
Below, we have listed the most common Java Keytool keystore commands and their usage:
These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.
keytool -certreq -alias "mydomain" -keystore keystore.jks -file mydomain.csr
keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
keytool -genkey -keyalg RSA -alias "selfsigned" -keystore keystore.jks -storepass "password" -validity 360
If you need to check the information within a certificate, or Java keystore, use these commands.
keytool -printcert -v -file mydomain.crt
keytool -list -v -keystore keystore.jks
keytool -list -v -keystore keystore.jks -alias mydomain
keytool -delete -alias "mydomain" -keystore keystore.jks
keytool -storepasswd -new new_storepass -keystore keystore.jks
keytool -export -alias mydomain -file mydomain.crt
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts