The fastest way I've found to generate X509 certificates
Ever wanted to just generate some certificates really fast without reading through miles of OpenSSL documentation, or taking hours to install off-the-shelf Certificate Authority suites? Yeah, me too.  Now you can profit from hours of my frustration so you never have to spend a second more than necessary to do this stupid task in the future
* Put openssl.cnf in /etc/ssl
* Make CA.pl executable ($ chmod +x CA.pl)
* Make sure it has the right path to perl (/usr/bin/perl by default)
* $ ./CA.pl -newca (creates your CA, now you're ready to sign reqs or gen certs)
* $ ./CA.pl -newreq (creates a key and CSR, ./newkey.pem and ./newreq.pem)
* $ ./CA.pl -signreq (signs ./newreq.pem, saves as ./newcert.pem)
* $ ./CA.pl -pkcs12 "some string here" (creates a PKCS#12 formatted file, ./newcert.p12, out of ./newkey.pem and ./newcert.pem)
* The CA cert (to import as a "Trusted Root" to other applications) is at ./demoCA/cacert.pem)
* The signed req (for importing as text or .pem to another application) is at ./newcert.pem
Please e-mail me at with any suggestions or feedback. Thanks!
README.txt
openssl.cnf
CA.pl
Cipher Audit -- Remotely Discover Supported Ciphers for a Site
Version 0.1 features:
* discover ciphers supported by HTTPS server
* report number of export/low/medium/high grade ciphers supported
* report detailed string of each cipher supported
Planed features:
* support discovery vs. other TLS-endabled services, such as SMTP, FTP, IMAP4, POP3, etc...
* cleanup output, fix typos, etc
Usage:
$ ./cipher-audit.pl somehost
Requirements:
* perl 5.8
* IO::Socket::SSL
* Net::SSLeay
Source:
cipher-audit.pl
Sample output:
[chort@horus4 bin]$ ./cipher-audit.pl mail.google.com
mail.google.com supports 2 EXPORT ciphers!
Ciphers are: EXP-DES-CBC-SHA EXP-RC4-MD5
mail.google.com supports 1 LOW ciphers!
Ciphers are: DES-CBC-SHA
mail.google.com supports 2 MEDIUM ciphers!
Ciphers are: RC4-SHA RC4-MD5
mail.google.com supports 3 HIGH ciphers!
Ciphers are: AES256-SHA AES128-SHA DES-CBC3-SHA
[chort@horus4 bin]$ ./cipher-audit.pl www.bankofamerica.com
www.bankofamerica.com does NOT support EXPORT ciphers.
www.bankofamerica.com supports 1 LOW ciphers!
Ciphers are: DES-CBC-SHA
www.bankofamerica.com supports 2 MEDIUM ciphers!
Ciphers are: RC4-SHA RC4-MD5
www.bankofamerica.com supports 1 HIGH ciphers!
Ciphers are: DES-CBC3-SHA
Have fun :)
This site © copyright 2003-2008 Brian Keefer. Opinions expressed on this site are my own and do not reflect those of my employer.