TLS cheatsheet

Create your own TLS certificate

export DOMAIN=security.local

openssl req -x509 -newkey rsa:2048 \
    -keyout "${DOMAIN}.key" \
    -out "${DOMAIN}.crt" \
    -days 365 \
    -nodes -subj "/CN=${DOMAIN}"

Create a simple HTTPS server with openssl s_server

Starting the OpenSSL s_server

openssl s_server -key "${DOMAIN}.key" -cert "${DOMAIN}.crt" -accept 8443 -www

We now have a TLS server listening on port 8443.

You can test openssl s_server by opening the following URL in your web browser: https://localhost:8443

Expect a certificate warning, because the certificate is self-signed.

Check TLS Certificate

TLS Certificate Expiration Date

echo | openssl s_client \
        -servername mail.svyrydiuk.eu \
        -connect mail.svyrydiuk.eu:993 2>/dev/null \
     | openssl x509 -noout -dates

Output:

notBefore=Aug 28 08:38:52 2021 GMT
notAfter=Nov 26 08:38:51 2021 GMT

STARTTLS Certificate Expiration Date

Submission, SMTP

echo | openssl s_client \
        -servername mail.svyrydiuk.eu \
        -connect mail.svyrydiuk.eu:587 \
        -starttls smtp 2>/dev/null \
     | openssl x509 -noout -dates

Python

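If you can establish a connection to the remote server, you can use the ssl standard library module:

import socket
import ssl

hostname = 'slavik.svyrydiuk.eu'
context = ssl.create_default_context()

# The default context verifies the chain and the hostname, so an expired or
# untrusted certificate raises ssl.SSLCertVerificationError during the handshake.
with socket.create_connection((hostname, 443), timeout=10) as raw:
    with context.wrap_socket(raw, server_hostname=hostname) as sock:
        cert = sock.getpeercert()

# getpeercert() returns a dict; the validity dates are plain strings.
print(cert['notBefore'])
print(cert['notAfter'])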
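
Added example (not part of the original cheatsheet): turning the notBefore/notAfter strings from getpeercert() into an expiry check. The function names, the warn_days threshold and the sample dict are assumptions made for illustration; the sample dates are the ones from the openssl output above.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample shaped like the dict returned by SSLSocket.getpeercert();
# only the two date fields used below are included.
SAMPLE_CERT = {
    "notBefore": "Aug 28 08:38:52 2021 GMT",
    "notAfter": "Nov 26 08:38:51 2021 GMT",
}


def validity_window(cert):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    def parse(field):
        # cert_time_to_seconds parses the "Mon DD HH:MM:SS YYYY GMT" format.
        seconds = ssl.cert_time_to_seconds(cert[field])
        return datetime.fromtimestamp(seconds, tz=timezone.utc)
    return parse("notBefore"), parse("notAfter")


def expiry_status(cert, now=None, warn_days=14):
    """Classify a certificate; return (status, whole days until notAfter)."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = validity_window(cert)
    days_left = (not_after - now).days
    if now < not_before:
        return "not-yet-valid", days_left
    if now >= not_after:
        return "expired", days_left
    if days_left < warn_days:
        return "expiring-soon", days_left
    return "ok", days_left


if __name__ == "__main__":
    print(expiry_status(SAMPLE_CERT))
```

Pass the dict from sock.getpeercert() instead of SAMPLE_CERT to check a live server.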