< /dev/null openssl s_client -showcerts [-starttls imap]
-connect
address:port 2>&1 |
filename
sed -ne '/-BEGIN CERFIFICATE-/,/-END CERTIFICATE-/p' > .pem
alternatively, the sed can be
sed -ne '/^Certificate
chain\r\?$/,/^---\r\?$/{/^-----BEGIN
CERTIFICATE-----\r\?$/,/^-----END CERTIFICATE-----\r\?$/p}'
i also had a draft gawk thing that doesn't yet work
gawk --lint -v file=0 -v RS=$'\r\n' -v sta='^-----'
-v fin=' CERTIFICATE-----$' '$0 ~ (sta "END" fin) { ++file }
$0 ~ (sta "BEGIN" fin),$0 ~ (sta "END" fin) { print $0
>> ("folename." file ".pem")}'
( openssl req -x509 -newkey rsa:2048 -keyout
nc_key.pem -out nc_cert.pem -days 100 -nodes
#
just generate key )
openssl s_server -accept 1234 -key nc_key.pem -cert
nc_cert.pem -quiet -naccept +1
openssl s_server -accept 1234 -quiet -naccept +1
#
will want a server.pem
in working directory and also
cert issue
openssl s_server -accept 1234 -nocert -quiet -naccept +1
# how do i client anonymous DH though
openssl s_client -connect 192.168.1.180:1234 -quiet
-no_ign_eof