I'm trying to convert a bash script for Linux to run in Windows batch as well. Amongst several commands, there is also an OpenSSL command which reads a certificate from an https server and stores it in a variable. The bash command is:
openssl s_client -showcerts -connect $SERVER_IP:443/login </dev/null 2>/dev/null|openssl x509 -outform PEM > mycertfile.pem
I've installed OpenSSL in my Windows machine from here. I prefered the "Win64 OpenSSL v1.1.0e Light" version of OpenSSL.
How is this command transferred to Windows logic? Any ideas?
Related
My requirement is to create RSA private key file from certificate file (.crt extention file). Openssl installed in my system and I also set the environment variable in "PATH". Unfortunately, while I am executing the command in CMD it's not working... The response getting in the CMD is
The command I am executing in CMD
openssl pkcs12 -in myfile.crt -nocerts -out keyFile.key
The response is
pkcs12: Use -help for summary.
I am not familiar with Openssl, Not found a correct solution yet. If any help, it will be appreciated.
Thanks in advance.
I am using windows openssl version 3.0.1 14. The issue is when the file name has non-English character, it failed to encrypt the file with below error:
C:\Users\XXX\Desktop>openssl aes-256-cbc -e -salt -in "C:\Users\XXX\Desktop\test\试试.txt" -out "C:\Users\XXX\Desktop\test\ENCRYPTING.txt" -k 12230000000000000000000000000000 -iv F1230000000000000000000000000000
Can't open "C:\Users\XXX\Desktop\test\??.txt" for reading, Invalid argument
B8280000:error:8000007B:system library:BIO_new_file:Unknown error:crypto\bio\bss_file.c:67:calling fopen(C:\Users\lishi\Desktop\test\??.txt, rb)
B8280000:error:10080002:BIO routines:BIO_new_file:system lib:crypto\bio\bss_file.c:77:
The terminal I use is Windows command prompt, I verified that this Chinese file can be opened successfully in cmd using issuing:
C:\Users\XXX\Desktop>notepad C:\Users\XXX\Desktop\test\试试.txt
Any configuration things I need to do in openssl side to support utf8?
I am following a tutorial where they run openssl commend.
I am trying to run openssl command
openssl s_client -connect ldap.domain.com:454 -showcerts 2>/dev/null | openssl x509 -out certfile.txt
But it does not work in window cmd, I get this error message
The system cannot find the path specified
I don't understand what the problem is?
The path /dev/null is a unix-path. It doesn't exist on windows systems.
I am trying to use openssl to get a certificate, and it seems to keep hanging. I have done a lot of research but not all of the available options seem to work on Windows.
openssl s_client -showcerts -connect google.com:443 > cert.txt
I have tried this:
openssl s_client -connect xyz:443 < quit.txt > cert.txt
Where quit.txt contains "quit\n"
from http://bytes.com/topic/php/answers/8802-automate-openssl-s_client-command-batch-php-script
That did not work. I also looked at Openssl s_clinet -connect scripting. Force quit help
I have also tried -prexit
I have also looked into this as well and can't get it working:
https://serverfault.com/questions/139728/how-to-download-ssl-certificate-from-a-website
I was doing so well! I managed to do something that I thought would be impossible and a simple thing like this bug managed to stop me for the time being :(
On windows, simply typing winpty before your openssl command will do the trick. So, for example, you could create a certificate like so:
winpty openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX
It looks like some OpenSSL distributions for Windows are expecting an additional keypress, independant of standard input. Quit.txt gets correctly piped into openssl's STDIN (the server receives QUIT command), but nothing happens until you press any key.
This problem does not exist in Cygwin's version of OpenSSL. Unfortunatly base installation of Cygwin takes about 100 MB of disk space, but you can try to extract only openssl.exe and required libraries.
This method works:
echo QUIT | c:\cygwin\bin\openssl.exe s_client -showcerts -connect google.com:443 > cert.txt
If running under mingw64 on windows you can use the winpty program to correctly wrap the terminal
Eg creating alias under bash
alias openssl='winpty openssl.exe'
Then
openssl s_client -connect blah
Should work as expected
For reasons i do not completeley understand, echoing QUIT or quit\n into the input did not work in my case. I'm using MINGW64 with OpenSSL 1.0.2d on Windows 8.1, and i'm using openssl to get certificates from servers inside a bash script. However, just running the openssl command in background and waiting a bit worked for me:
#!/bin/bash
openssl s_client -connect my.server.com:443 -showcerts > output.txt 2>/dev/null &
sleep 2
Instead of going to Extension Builder > Build Package…, I'd like to built a .safariextz package from the MyExtension.safariextension folder.
I know I can unpack an extension with xar -xf. I suspect the way back involves packing it with xar, but then I'll need to do the code signing thing, which may or may not involve codesign(1).
Here are Omar Ismail's instructions, omitting the need for separate shell scripts. This will all occur in a directory safari/, where we will be signing the directory safari/appname.safariextension/ to become the extension safari/appname.safariextz. The first thing is to sign the extension the official way, with Extension Builder's Build Package.
Set up Xar:
1. Download and unzip/untar
https://github.com/downloads/mackyle/xar/xar-1.6.1.tar.gz
to wherever you want the executable xar-1.6.1 (xar 1.6dev doesn't support the options we need)
2. in xar-1.6.1/
./configure
make
sudo make install
sudo ln -s /full/path/to/xar-1.6.1/src/xar /usr/local/bin/xar161
Set up your certificates:
1. in safari/
mkdir certs/
xar161 -f appname.safariextz --extract-certs certs/
2. open Keychain Access and export your Safari Developer certificate to safari/certs/certs.p12 (use a blank password for certs.p12, and then use your Mac's password to export the cert)
3. in safari/certs/
openssl pkcs12 -in certs.p12 -nodes | openssl x509 -outform der -out cert.der
(same blank password)
openssl pkcs12 -in certs.p12 -nodes | openssl rsa -out key.pem
(same blank password)
openssl dgst -sign key.pem -binary < key.pem | wc -c > size.txt
It's possible that you can get the certificates from certs/cert.p12, and not need the --extract-certs step (and hence not need the extension built the official way), but I don't know openssl well enough, and it's only for the set up that you need that step anyway.
Once everything is set up, to sign the extension:
In safari/
xar161 -czf appname.safariextz --distribution appname.safariextension/
xar161 --sign -f appname.safariextz --digestinfo-to-sign digest.dat --sig-size `cat certs/size.txt` --cert-loc certs/cert.der --cert-loc certs/cert01 --cert-loc certs/cert02
openssl rsautl -sign -inkey certs/key.pem -in digest.dat -out sig.dat
xar161 --inject-sig sig.dat -f appname.safariextz
rm -f sig.dat digest.dat
This was all on a 2006 Snow Leopard MacBook, so it's possible things may be different on a machine that's more up to date.
Looks like there is a way to patch XAR with a signature option. http://code.google.com/p/xar/issues/detail?id=76#c0