need help on implementing ssl

dianarani · 07-17-2007, 04:56 AM

Hello Everybody,
Please help me with good links to understand the basic concept and procedure of 'how to implement ssl'.Any brainstorms are appreciatable.

Thanks,

jschiwal · 07-17-2007, 06:00 AM

You could start with the documentation that came with ssl. It is a collection of programs. Even "openssl" has many subprograms. You can use "openssl command --help" to get more detailed help.

Code:

openssl crl help
unknown option help
usage: crl args

 -inform arg     - input format - default PEM (DER or PEM)
 -outform arg    - output format - default PEM
 -text           - print out a text format version
 -in arg         - input file - default stdin
 -out arg        - output file - default stdout
 -hash           - print hash value
 -fingerprint    - print the crl fingerprint
 -issuer         - print issuer DN
 -lastupdate     - lastUpdate field
 -nextupdate     - nextUpdate field
 -noout          - no CRL output
 -CAfile  name   - verify CRL using certificates in file "name"
 -CApath  dir    - verify CRL using certificates in "dir"
 -nameopt arg    - various certificate name options

There is an O'Reilly book on OpenSSL.

Also, look at the manpages that come with the openssl package:

Code:

/usr/share/man/man1/ca.1ssl.gz
/usr/share/man/man1/crl.1ssl.gz
/usr/share/man/man1/crl2pkcs7.1ssl.gz
/usr/share/man/man1/dgst.1ssl.gz
/usr/share/man/man1/dhparam.1ssl.gz
/usr/share/man/man1/dsa.1ssl.gz
/usr/share/man/man1/dsaparam.1ssl.gz
/usr/share/man/man1/enc.1ssl.gz
/usr/share/man/man1/gendsa.1ssl.gz
/usr/share/man/man1/genrsa.1ssl.gz
/usr/share/man/man1/nseq.1ssl.gz
/usr/share/man/man1/openssl.1ssl.gz
/usr/share/man/man1/passwd.1ssl.gz
/usr/share/man/man1/pkcs12.1ssl.gz
/usr/share/man/man1/pkcs7.1ssl.gz
/usr/share/man/man1/pkcs8.1ssl.gz
/usr/share/man/man1/rand.1ssl.gz
/usr/share/man/man1/req.1ssl.gz
/usr/share/man/man1/rsa.1ssl.gz
/usr/share/man/man1/rsautl.1ssl.gz
/usr/share/man/man1/s_client.1ssl.gz
/usr/share/man/man1/s_server.1ssl.gz
/usr/share/man/man1/smime.1ssl.gz
/usr/share/man/man1/spkac.1ssl.gz
/usr/share/man/man1/verify.1ssl.gz
/usr/share/man/man1/version.1ssl.gz
/usr/share/man/man1/x509.1ssl.gz
/usr/share/man/man3/crypto.3ssl.gz
/usr/share/man/man3/dsa.3ssl.gz
/usr/share/man/man3/rand.3ssl.gz
/usr/share/man/man3/rsa.3ssl.gz
/usr/share/man/man3/ssl.3ssl.gz
/usr/share/man/man3/x509.3ssl.gz
/usr/share/man/man5/config.5ssl.gz

Many of the manpages include something I wish all manpages had; examples!

Code:

EXAMPLES
       To remove the pass phrase on an RSA private key:

        openssl rsa -in key.pem -out keyout.pem

       To encrypt a private key using triple DES:

        openssl rsa -in key.pem -des3 -out keyout.pem

       To convert a private key from PEM to DER format:

        openssl rsa -in key.pem -outform DER -out keyout.der

       To print out the components of a private key to standard output:

        openssl rsa -in key.pem -text -noout

       To just output the public part of a private key:

        openssl rsa -in key.pem -pubout -out pubkey.pem