Expressive with experience, correction and goal is always in mind

Very recently I started blogging; I wanted to share my own experience to make myself better and better

Friday, May 20, 2011

Debugging SSL

Very recently I took the pain of debugging SSL certificates in a Java environment and thought of keeping something on my blog to make someone's life easier. Very often we run into bad certificate errors on SSL clients (Java, .NET, etc.). This guide will help you debug certificate errors using the OpenSSL utility.
So here is what I went through to debug an SSL connection:

So what you require :

So what you need to configure:
  • Create an OPENSSL_HOME environment variable and set its value to the installation directory.
  • Append OPENSSL_HOME/bin to the system Path variable.
  • To test your installation, go to the command prompt and type openssl --help

All set; now the real magic starts...

Certificate Installation:
  • Copy the signed / self-signed certificate to a local drive.
  • If the signed certificate is in pfx format (.p12, .pfx), convert it to pem format using the following command:
    • openssl pkcs12 -in %local_drive%/xxx.yyy.p12 -out client_certs.pem
  • Enter the import password provided by the certificate provider.
  • Extract the private key from client_certs.pem by copying the contents up to and including the -----END ENCRYPTED PRIVATE KEY----- line and saving them in a client.key file.
  • If the signed certificate is in pem format (.pem, .crt, .cer):
    • Extract the private key from client_certs.pem by copying the contents up to and including the -----END ENCRYPTED PRIVATE KEY----- line and saving them in a client.key file.

Certificate Configuration:
  • Extract each certificate from client_certs.pem, up to and including its -----END CERTIFICATE----- line, into a separate pem file (remember that a self-signed certificate comes with many certificates in it).
  • Check the modulus of the private key using the command: openssl rsa -in client.key -noout -modulus
  • Check the modulus of each pem file, one file at a time, using the following command (replace *.pem with the file name): openssl x509 -in *.pem -noout -modulus
  • Pick only the pem file that has the same modulus as the private key for making the connection with openssl, and save it as client.pem
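
The split-and-compare steps above can be scripted. This is an added example, not part of the original post: the function names, the cert-N.pem file names and the output directory are assumptions, and it expects a POSIX shell (for example Git Bash on Windows) with openssl on the PATH and an RSA key. openssl prompts for the passphrase if client.key is encrypted.

```shell
#!/bin/sh
# Usage: find_matching_cert client.key client_certs.pem ./certs
# (./certs must be an existing, empty directory)

# split_bundle BUNDLE OUTDIR
# Writes every certificate found in BUNDLE to OUTDIR/cert-1.pem, cert-2.pem, ...
# Lines outside BEGIN/END CERTIFICATE (bag attributes, the key) are skipped.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
    ' "$1"
}

# find_matching_cert KEY BUNDLE OUTDIR
# Prints the path of the certificate whose modulus equals the key's modulus.
# Returns 0 on a match, 1 if no certificate matches, 2 if the key is unreadable.
find_matching_cert() {
    # Compare the raw "Modulus=..." strings; a failed read must never
    # compare equal to another failed read, so bail out on any error.
    key_mod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 2
    [ -n "$key_mod" ] || return 2

    split_bundle "$2" "$3"

    for cert in "$3"/cert-*.pem; do
        [ -f "$cert" ] || continue
        cert_mod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null) || continue
        if [ "$cert_mod" = "$key_mod" ]; then
            echo "$cert"      # this is the file to save as client.pem
            return 0
        fi
    done
    return 1
}
```

A return code of 1 means none of the certificates in the bundle belongs to this key, which is the usual cause of a bad certificate error at connection time.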

Certificate Verification:
  • Run the following command to make an SSL connection with the message bus:
    • openssl s_client -connect mqurl:mqport -cert client.pem -key client.key

So now you have debugged the SSL connection and are all set to make connections with any client. HOORAY!