Robert H. Osborne

CERTIFICATE COMMANDS

Certificates and OpenSSL

Certificate Commands
Convert a PuTTY .ppk File to a Hash for Cracking with John The Ripper

putty2john private.ppk > private.hash


Convert a Password Protected SSH Key to a John The Ripper Hash for Cracking

/usr/share/john/ssh2john.py ~/.ssh/id_rsa > id_rsa.hash



Create a Signing Request Using a Domain's CA


1.) Create Key and Certificate Signing Request:

openssl req -newkey rsa:4096 -keyout <user key> -out <user csr> -nodes -days 365 -subj "/CN=<name>"


2.) Sign CSR With CA:

openssl x509 -req -in <user csr> -CA <ca cert> -CAkey <ca key> -out <signed user cert> -set_serial 01 -days 365


3.) Convert To PKCS12 For Use In Browsers As Client Certificate:

openssl pkcs12 -export -clcerts -in <signed user cert> -inkey <user key> -out <user>.p12
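
Steps 1 to 3 run end to end against a throwaway CA, followed by two checks (chain verification and a PKCS12 round trip). This is an added example, not code from the original page; the function names, file names, CNs and password are hypothetical, and it uses a random serial where the page uses a fixed 01.

```bash
# Added example (not the page's code): steps 1-3 run against a throwaway CA,
# then two checks. Function names, file names and CNs are hypothetical.

# issue_client_cert <dir> <name> <p12 password>
# Expects <dir>/ca.crt and <dir>/ca.key; writes <name>.key/.csr/.crt/.p12.
issue_client_cert() {
    ic_d=$1; ic_n=$2; ic_pw=$3
    # 1) Key and CSR (-nodes leaves the private key unencrypted on disk).
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$ic_n" \
        -keyout "$ic_d/$ic_n.key" -out "$ic_d/$ic_n.csr" 2>/dev/null || return 1
    # 2) Sign with the CA. A random serial replaces the fixed 01, because
    #    issuer + serial must be unique for every certificate a CA issues.
    openssl x509 -req -in "$ic_d/$ic_n.csr" -CA "$ic_d/ca.crt" \
        -CAkey "$ic_d/ca.key" -set_serial "0x$(openssl rand -hex 16)" \
        -days 365 -out "$ic_d/$ic_n.crt" 2>/dev/null || return 1
    # 3) PKCS12 bundle; -passout avoids the interactive export prompt.
    openssl pkcs12 -export -clcerts -in "$ic_d/$ic_n.crt" \
        -inkey "$ic_d/$ic_n.key" -passout "pass:$ic_pw" \
        -out "$ic_d/$ic_n.p12" 2>/dev/null
}

# chain_ok <ca cert> <cert>: succeeds when the cert verifies against the CA.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# p12_holds_cert <p12> <password> <cert>: succeeds when the bundle carries
# exactly that certificate (compared by SHA-256 fingerprint).
p12_holds_cert() {
    pc_a=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts \
           2>/dev/null | openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    pc_b=$(openssl x509 -in "$3" -noout -fingerprint -sha256 2>/dev/null)
    [ -n "$pc_a" ] && [ "$pc_a" = "$pc_b" ]
}

# make_ca <dir>: constructed, short-lived CA for the demonstration only.
make_ca() {
    openssl req -x509 -sha256 -nodes -days 1 -newkey rsa:2048 \
        -subj "/CN=constructed-ca" -keyout "$1/ca.key" -out "$1/ca.crt" \
        2>/dev/null
}

demo_dir=$(mktemp -d)
make_ca "$demo_dir" && issue_client_cert "$demo_dir" alice constructed-pass
chain_ok "$demo_dir/ca.crt" "$demo_dir/alice.crt" && echo "chain: ok"
p12_holds_cert "$demo_dir/alice.p12" constructed-pass "$demo_dir/alice.crt" \
    && echo "p12: holds alice.crt"
rm -rf "$demo_dir"
```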


USEFUL COMMANDS

Generate Private Key

openssl genrsa -out yourdomain.key 2048



View Private Key Contents

openssl rsa -text -in yourdomain.key -noout


Extract Public Key

openssl rsa -in yourdomain.key -pubout -out yourdomain_public.key


Create Signing Request

openssl req -new -key yourdomain.key -out yourdomain.csr

OR

openssl req -new \
-newkey rsa:2048 -nodes -keyout yourdomain.key \
-out yourdomain.csr \
-subj "/C=US/ST=Utah/L=Lehi/O=Your Company, Inc./OU=IT/CN=yourdomain.com"


VERIFY CSR

openssl req -text -in yourdomain.csr -noout -verify


VIEW CONTENTS OF CERTIFICATE

openssl x509 -text -in yourdomain.crt -noout


VERIFY KEYS MATCH

openssl rsa -modulus -in yourdomain.key -noout | openssl sha256

AND

openssl req -modulus -in yourdomain.csr -noout | openssl sha256

AND

openssl x509 -modulus -in yourdomain.crt -noout | openssl sha256
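
The three commands above only prove a match when their digests are compared with each other. This added example (not code from the original page) wraps them in a single pass/fail check; the function names and the generated sample files are hypothetical and constructed for the demonstration.

```bash
# Added example (not the page's code): the three modulus commands combined
# into one pass/fail check. Function and file names are hypothetical.

# modulus_digest <rsa|req|x509> <file>: print SHA-256 of the RSA modulus.
# Fails instead of hashing empty output: if openssl cannot parse a file, the
# bare pipeline still prints a digest (of nothing), and three such digests
# "match" each other.
modulus_digest() {
    md_mod=$(openssl "$1" -modulus -noout -in "$2" 2>/dev/null) || return 1
    case "$md_mod" in
        Modulus=?*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$md_mod" | openssl sha256 | awk '{print $NF}'
}

# keys_match <key> <csr> <crt>: 0 = same key pair, 1 = mismatch, 2 = unreadable.
keys_match() {
    km_key=$(modulus_digest rsa  "$1") || { echo "unreadable key: $1" >&2; return 2; }
    km_csr=$(modulus_digest req  "$2") || { echo "unreadable CSR: $2" >&2; return 2; }
    km_crt=$(modulus_digest x509 "$3") || { echo "unreadable cert: $3" >&2; return 2; }
    [ "$km_key" = "$km_csr" ] && [ "$km_key" = "$km_crt" ]
}

# make_demo_set <dir>: constructed throwaway material. a.key/a.csr/a.crt
# belong together; b.key is an unrelated key.
make_demo_set() {
    openssl req -x509 -sha256 -nodes -days 1 -newkey rsa:2048 \
        -subj "/CN=constructed.example" \
        -keyout "$1/a.key" -out "$1/a.crt" 2>/dev/null &&
    openssl req -new -key "$1/a.key" -subj "/CN=constructed.example" \
        -out "$1/a.csr" 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_set "$demo_dir"
keys_match "$demo_dir/a.key" "$demo_dir/a.csr" "$demo_dir/a.crt" && echo "a.key: match"
keys_match "$demo_dir/b.key" "$demo_dir/a.csr" "$demo_dir/a.crt" || echo "b.key: mismatch"
rm -rf "$demo_dir"
```

The check applies to RSA keys only, as the commands on this page do; an EC key makes `openssl rsa` fail and is reported as unreadable.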


GENERATE SELF SIGNED CERT

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt


CREATE CSR FOR EXISTING PRIVATE KEY

openssl req -out CSR.csr -key privateKey.key -new


GENERATE SIGNING REQUEST ON EXISTING CERTIFICATE

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key


REMOVE PASSWORD FROM PRIVATE KEY

openssl rsa -in privateKey.pem -out newPrivateKey.pem


USE OPENSSL TO CHECK CONNECTION

openssl s_client -connect roberthosborne.com:443


================================

CONVERSIONS

================================

PEM to PKCS12

openssl pkcs12 -export -name "yourdomain-digicert-(expiration date)" \
-out yourdomain.pfx -inkey yourdomain.key -in yourdomain.crt



PKCS12 to PEM

openssl pkcs12 -in yourdomain.pfx -nocerts -out yourdomain.key -nodes



Extract Certificate from PKCS12 and Convert It To PEM

openssl pkcs12 -in yourdomain.pfx -nokeys -clcerts -out yourdomain.crt



PEM to DER

openssl x509 -inform PEM -in yourdomain.crt -outform DER -out yourdomain.der



PEM Private to DER Private

openssl rsa -inform PEM -in yourdomain.key -outform DER -out yourdomain_key.der



DER to PEM

openssl x509 -inform DER -in yourdomain.der -outform PEM -out yourdomain.crt



DER Private to PEM Private

openssl rsa -inform DER -in yourdomain_key.der -outform PEM -out yourdomain.key

Copyright © 2020 Robert H. Osborne - OsbornePro LLC.
