[openssl-users] Testing ports through firewall

[Jakob Bohm]

On 21/12/2017 14:36, warron.french wrote:
> Hello Community, and Merry Christmas/Happy Seasons Greetings,
>    anyway, I need some help with understanding an openssl feature - 
> *s_server*.
>
> I executed the following command: openssl s_server -accept 21937 -www &
> And immediately got the following output:
> [1] 3286
> [sysadm at wfrench-rhel6c-cit ~]$ Error opening server certificate 
> private key file server.pem
> 140679739017032:error:02001002:system library:fopen:No such file or 
> directory:bss_file.c:398:fopen('server.pem','r')
> 140679739017032:error:20074002:BIO routines:FILE_CTRL:system 
> lib:bss_file.c:400:
> unable to load server certificate private key file
>
> In order to test ports that are not encrypted with SSL/TLS do I still 
> have to generate a certificate and private key file (each)?
>
> I would like to test ports from one machine using openssl s_client 
> against a remote machine on an opposing network, running a "listener", 
> using openssl s_server.
>
> Perhaps I am way off?  I am not allowed to use openssl for this sort 
> of thing?
> Any guidance would be greatly appreciated because I want to expand my 
> understanding of the openssl suite of commands and its offerings.
>
>
Any normal SSL/TLS server needs a certificate.  For testing the
certificate doesn't have to be "real" (from a trusted public CA).
A dummy certificate for a server named "computer.example.com" can
be generated using the command:

openssl req -x509 -days 365 -newkey:rsa:2048 -nodes -keyout server.key 
-out server.pem -subj /CN=computer.example.com/O=test/C=US


Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded