Hi Tim, all,

Thus wrote Timothy Little (t...@clawhaven.com):

> I (think that I) have created the certs and keys necessary for SSL
> connections between a client and the servers of a MySQL database.  But I
> can't bring down those servers except to make the change.

> Is there a way I can tell if the keys and all the PEMs I'd made are
> correctly generated and copied to the right machines via some other utility?


> I was hoping to do something like a telnet -ssl-key=blah to-server  blah...
> So I could test the keys and stuff via telnet or something easy.

In addition to openssl verify as suggested in the other mail, you can
use the s_server and s_client commands of openssl to test your
certificates on actual ssl connections. 

openssl s_server -cert ./serverCert.pem -key serverKey.pem -www

starts a simple web server with your server certificate and private key.
You can connect with your browser to https://localhost:4433/

or you call s_client

openssl s_client -connect localhost:4433

If you need client certificates, you can call something like

openssl s_server \
-cert ./serverCert.pem -key serverKey.pem \
-Verify 2 -CApath /etc/ssl/certs -www

The webserver now requests a client certificate and verifies it against
the (root) certificates in /etc/ssl/certs, the maximum path len is 2.

The man pages for s_server and s_client have more details about the
possible parameters.

Hope this helps to get you started,

   Martin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
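
The checks suggested in the reply above, gathered into one script. This is an added example, not part of the original mail or of OpenSSL: it confirms that a private key belongs to its certificate, then runs an s_server/s_client handshake on a local port without touching the real servers. The function names, the 127.0.0.1 connection and the throwaway self-signed certificate are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: offline checks for a server certificate/key pair.

# Constructed sample input: throwaway self-signed cert and key in directory $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=localhost' \
        -keyout "$1/serverKey.pem" -out "$1/serverCert.pem" 2>/dev/null
}

# Succeeds only when the private key holds the certificate's public key.
key_matches_cert() {    # usage: key_matches_cert cert.pem key.pem
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Serves cert/key on a local port with s_server, then succeeds only when
# s_client reports that the chain verified against the given CA file.
handshake_ok() {        # usage: handshake_ok cert.pem key.pem ca.pem [port]
    port=${4:-4433}
    openssl s_server -cert "$1" -key "$2" -accept "$port" -www >/dev/null 2>&1 &
    srv=$!
    ok=1
    for try in 1 2 3 4 5; do    # the listener may need a moment to come up
        if openssl s_client -connect "127.0.0.1:$port" -CAfile "$3" \
            </dev/null 2>&1 | grep -q 'Verify return code: 0 (ok)'; then
            ok=0
            break
        fi
        sleep 1
    done
    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    return "$ok"
}

# Demo on the constructed sample; a self-signed cert acts as its own CA file.
dir=$(mktemp -d) && make_sample "$dir"
key_matches_cert "$dir/serverCert.pem" "$dir/serverKey.pem" && echo "key matches cert"
handshake_ok "$dir/serverCert.pem" "$dir/serverKey.pem" "$dir/serverCert.pem" &&
    echo "handshake verified"
rm -rf "$dir"
```

For real files, call the two functions with the server certificate, its key and the CA certificate that signed it; s_client keeps going after a failed verification, which is why the script checks the reported verify return code rather than the exit status.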
