⇒ This is just a collection of notes, not a structured or comprehensive document. ⇐
X509 Certificates - command line
| cer –> pfx without private key | openssl pkcs12 -export -nokeys -in certificate.cer -out pkcs12.pfx |
| get info about server certificates | openssl s_client -showcerts -servername www.google.com -connect www.google.com:443 |
| detailed tls handshake steps | openssl s_client -connect www.google.com:443 -msg -tlsextdebug |
| verify certificate | certutil.exe -urlfetch -verify certificate.cer |
| dump tls versions and cipher suites | nmap -script ssl-enum-ciphers -p 443 hostname |
| http get with client certificate | curl.exe --insecure https://server/mytest --verbose --cert-type P12 --cert certificate.pfx:password |
- openssl: you can find openssl.exe already installed under “c:\Program Files\Git\usr\bin\openssl.exe”
- certutil: all parameters here https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil