Chort Hates X509

The fastest way I've found to generate X509 certificates

Ever wanted to just generate some certificates really fast without reading through miles of OpenSSL documentation, or taking hours to install off-the-shelf Certificate Authority suites? Yeah, me too. Now you can profit from hours of my frustration so you never have to spend a second more than necessary to do this stupid task in the future

* Put openssl.cnf in /etc/ssl
* Make CA.pl executable ($ chmod +x CA.pl)
* Make sure it has the right path to perl (/usr/bin/perl by default)
* $ ./CA.pl -newca (creates your CA, now you're ready to sign reqs or gen certs)
* $ ./CA.pl -newreq (creates a key and CSR, ./newkey.pem and ./newreq.pem)
* $ ./CA.pl -signreq (signs ./newreq.pem, saves as ./newcert.pem)
* $ ./CA.pl -pkcs12 "some string here" (creates a PKCS#12 formatted file, ./newcert.p12, out of ./newkey.pem and ./newcert.pem)
* The CA cert (to import as a "Trusted Root" to other applications) is at ./demoCA/cacert.pem)
* The signed req (for importing as text or .pem to another application) is at ./newcert.pem
Please e-mail me at

with any suggestions or feedback. Thanks!

README.txt
openssl.cnf
CA.pl

Cipher Audit -- Remotely Discover Supported Ciphers for a Site

Version 0.1 features:
* discover ciphers supported by HTTPS server
* report number of export/low/medium/high grade ciphers supported
* report detailed string of each cipher supported

Planed features:
* support discovery vs. other TLS-endabled services, such as SMTP, FTP, IMAP4, POP3, etc...
* cleanup output, fix typos, etc

Usage:
$ ./cipher-audit.pl somehost

Requirements:
* perl 5.8
* IO::Socket::SSL
* Net::SSLeay

Source:
cipher-audit.pl

Sample output:
[chort@horus4 bin]$ ./cipher-audit.pl mail.google.com
mail.google.com supports 2 EXPORT ciphers!
Ciphers are: EXP-DES-CBC-SHA EXP-RC4-MD5
mail.google.com supports 1 LOW ciphers!
Ciphers are: DES-CBC-SHA
mail.google.com supports 2 MEDIUM ciphers!
Ciphers are: RC4-SHA RC4-MD5
mail.google.com supports 3 HIGH ciphers!
Ciphers are: AES256-SHA AES128-SHA DES-CBC3-SHA

[chort@horus4 bin]$ ./cipher-audit.pl www.bankofamerica.com
www.bankofamerica.com does NOT support EXPORT ciphers.
www.bankofamerica.com supports 1 LOW ciphers!
Ciphers are: DES-CBC-SHA
www.bankofamerica.com supports 2 MEDIUM ciphers!
Ciphers are: RC4-SHA RC4-MD5
www.bankofamerica.com supports 1 HIGH ciphers!
Ciphers are: DES-CBC3-SHA

Have fun :)

This site © copyright 2003-2008 Brian Keefer. Opinions expressed on this site are my own and do not reflect those of my employer.