to check serial zone:
====================================================
dig +multi testing.org soa
; <<>> DiG 9.11.5-P1 <<>> +multi testing.org soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- 28545="" br="" id:="" noerror="" opcode:="" query="" status:="">;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: b6fcdd45fb00359c3dcc25225c3d11bdcd75b2a4c9c328a5 (good)
;; QUESTION SECTION:
;testing.org. IN SOA
;; ANSWER SECTION:
testing.org. 600 IN SOA ns39.domaincontrol.com. dns.jomax.net. (
2017081800 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
600 ; minimum (10 minutes)
)
;; AUTHORITY SECTION:
. 469713 IN NS a.root-servers.net.
. 469713 IN NS f.root-servers.net.
. 469713 IN NS g.root-servers.net.
. 469713 IN NS i.root-servers.net.
. 469713 IN NS m.root-servers.net.
. 469713 IN NS j.root-servers.net.
. 469713 IN NS h.root-servers.net.
. 469713 IN NS e.root-servers.net.
. 469713 IN NS k.root-servers.net.
. 469713 IN NS d.root-servers.net.
. 469713 IN NS l.root-servers.net.
. 469713 IN NS c.root-servers.net.
. 469713 IN NS b.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 556117 IN A 198.41.0.4
b.root-servers.net. 124117 IN A 199.9.14.201
c.root-servers.net. 124117 IN A 192.33.4.12
d.root-servers.net. 124117 IN A 199.7.91.13
e.root-servers.net. 124117 IN A 192.203.230.10
f.root-servers.net. 124117 IN A 192.5.5.241
g.root-servers.net. 124117 IN A 192.112.36.4
h.root-servers.net. 124117 IN A 198.97.190.53
i.root-servers.net. 124117 IN A 192.36.148.17
j.root-servers.net. 124117 IN A 192.58.128.30
k.root-servers.net. 124117 IN A 193.0.14.129
l.root-servers.net. 124117 IN A 199.7.83.42
m.root-servers.net. 124117 IN A 202.12.27.33
a.root-servers.net. 124117 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 124117 IN AAAA 2001:500:200::b
c.root-servers.net. 124117 IN AAAA 2001:500:2::c
d.root-servers.net. 124117 IN AAAA 2001:500:2d::d
e.root-servers.net. 124117 IN AAAA 2001:500:a8::e
f.root-servers.net. 124117 IN AAAA 2001:500:2f::f
g.root-servers.net. 124117 IN AAAA 2001:500:12::d0d
h.root-servers.net. 124117 IN AAAA 2001:500:1::53
i.root-servers.net. 124117 IN AAAA 2001:7fe::53
j.root-servers.net. 124117 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 124117 IN AAAA 2001:7fd::1
l.root-servers.net. 124117 IN AAAA 2001:500:9f::42
m.root-servers.net. 124117 IN AAAA 2001:dc3::35
;; Query time: 61 msec
;; SERVER: 192.168.200.254#53(192.168.200.254)
;; WHEN: Tue Jan 15 00:48:29 EET 2019
;; MSG SIZE rcvd: 919
to view mx
=====================================================
dig testing.org MX
; <<>> DiG 9.11.5-P1 <<>> testing.org MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- 23162="" br="" id:="" noerror="" opcode:="" query="" status:="">;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 13, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 4acc3dbf0e65e9fef34cab265c3d120aea8ec3040158afe7 (good)
;; QUESTION SECTION:
;testing.org. IN MX
;; ANSWER SECTION:
testing.org. 3600 IN MX 10 aspmx2.googlemail.com.
testing.org. 3600 IN MX 5 alt2.aspmx.l.google.com.
testing.org. 3600 IN MX 5 alt1.aspmx.l.google.com.
testing.org. 3600 IN MX 1 aspmx.l.google.com.
testing.org. 3600 IN MX 10 aspmx3.googlemail.com.
;; AUTHORITY SECTION:
. 469636 IN NS f.root-servers.net.
. 469636 IN NS k.root-servers.net.
. 469636 IN NS d.root-servers.net.
. 469636 IN NS i.root-servers.net.
. 469636 IN NS e.root-servers.net.
. 469636 IN NS c.root-servers.net.
. 469636 IN NS h.root-servers.net.
. 469636 IN NS a.root-servers.net.
. 469636 IN NS m.root-servers.net.
. 469636 IN NS b.root-servers.net.
. 469636 IN NS g.root-servers.net.
. 469636 IN NS j.root-servers.net.
. 469636 IN NS l.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 556040 IN A 198.41.0.4
b.root-servers.net. 124040 IN A 199.9.14.201
c.root-servers.net. 124040 IN A 192.33.4.12
d.root-servers.net. 124040 IN A 199.7.91.13
e.root-servers.net. 124040 IN A 192.203.230.10
f.root-servers.net. 124040 IN A 192.5.5.241
g.root-servers.net. 124040 IN A 192.112.36.4
h.root-servers.net. 124040 IN A 198.97.190.53
i.root-servers.net. 124040 IN A 192.36.148.17
j.root-servers.net. 124040 IN A 192.58.128.30
k.root-servers.net. 124040 IN A 193.0.14.129
l.root-servers.net. 124040 IN A 199.7.83.42
m.root-servers.net. 124040 IN A 202.12.27.33
a.root-servers.net. 124040 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 124040 IN AAAA 2001:500:200::b
c.root-servers.net. 124040 IN AAAA 2001:500:2::c
d.root-servers.net. 124040 IN AAAA 2001:500:2d::d
e.root-servers.net. 124040 IN AAAA 2001:500:a8::e
f.root-servers.net. 124040 IN AAAA 2001:500:2f::f
g.root-servers.net. 124040 IN AAAA 2001:500:12::d0d
h.root-servers.net. 124040 IN AAAA 2001:500:1::53
i.root-servers.net. 124040 IN AAAA 2001:7fe::53
j.root-servers.net. 124040 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 124040 IN AAAA 2001:7fd::1
l.root-servers.net. 124040 IN AAAA 2001:500:9f::42
m.root-servers.net. 124040 IN AAAA 2001:dc3::35
;; Query time: 67 msec
;; SERVER: 192.168.200.254#53(192.168.200.254)
;; WHEN: Tue Jan 15 00:49:46 EET 2019
;; MSG SIZE rcvd: 984
to view general data
===============
dig testing.org
; <<>> DiG 9.11.5-P1 <<>> testing.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- 51737="" br="" id:="" noerror="" opcode:="" query="" status:="">;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8bf6f94ba2d476208e77567c5c3d124eac274e8a15e2a506 (good)
;; QUESTION SECTION:
;testing.org. IN A
;; ANSWER SECTION:
testing.org. 600 IN A 198.71.233.227
;; AUTHORITY SECTION:
. 469568 IN NS l.root-servers.net.
. 469568 IN NS e.root-servers.net.
. 469568 IN NS d.root-servers.net.
. 469568 IN NS k.root-servers.net.
. 469568 IN NS j.root-servers.net.
. 469568 IN NS m.root-servers.net.
. 469568 IN NS c.root-servers.net.
. 469568 IN NS g.root-servers.net.
. 469568 IN NS f.root-servers.net.
. 469568 IN NS h.root-servers.net.
. 469568 IN NS b.root-servers.net.
. 469568 IN NS a.root-servers.net.
. 469568 IN NS i.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 555972 IN A 198.41.0.4
b.root-servers.net. 123972 IN A 199.9.14.201
c.root-servers.net. 123972 IN A 192.33.4.12
d.root-servers.net. 123972 IN A 199.7.91.13
e.root-servers.net. 123972 IN A 192.203.230.10
f.root-servers.net. 123972 IN A 192.5.5.241
g.root-servers.net. 123972 IN A 192.112.36.4
h.root-servers.net. 123972 IN A 198.97.190.53
i.root-servers.net. 123972 IN A 192.36.148.17
j.root-servers.net. 123972 IN A 192.58.128.30
k.root-servers.net. 123972 IN A 193.0.14.129
l.root-servers.net. 123972 IN A 199.7.83.42
m.root-servers.net. 123972 IN A 202.12.27.33
a.root-servers.net. 123972 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 123972 IN AAAA 2001:500:200::b
c.root-servers.net. 123972 IN AAAA 2001:500:2::c
d.root-servers.net. 123972 IN AAAA 2001:500:2d::d
e.root-servers.net. 123972 IN AAAA 2001:500:a8::e
f.root-servers.net. 123972 IN AAAA 2001:500:2f::f
g.root-servers.net. 123972 IN AAAA 2001:500:12::d0d
h.root-servers.net. 123972 IN AAAA 2001:500:1::53
i.root-servers.net. 123972 IN AAAA 2001:7fe::53
j.root-servers.net. 123972 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 123972 IN AAAA 2001:7fd::1
l.root-servers.net. 123972 IN AAAA 2001:500:9f::42
m.root-servers.net. 123972 IN AAAA 2001:dc3::35
;; Query time: 32 msec
;; SERVER: 192.168.200.254#53(192.168.200.254)
;; WHEN: Tue Jan 15 00:50:54 EET 2019
;; MSG SIZE rcvd: 867
to check if zone exists on the server
###############################
dig @8.8.8.8 testing.org
; <<>> DiG 9.11.5-P1 <<>> @8.8.8.8 testing.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- 5191="" br="" id:="" noerror="" opcode:="" query="" status:="">;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;testing.org. IN A
;; ANSWER SECTION:
testing.org. 599 IN A 198.71.233.227
;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jan 15 00:52:38 EET 2019
;; MSG SIZE rcvd: 56
->->->->
Aici veti gasi detalii tehnice despre cum se pot realiza configurari software+ hardware.
Here you can find tehnical details about software/hardware configuration.
luni, 7 ianuarie 2019
Openvpn SSL routines:SSL_CTX_use_certificate:ca md too weak
In new versions of openvpn you can have problems with older certificates (after upgrade).
One of error is: SSL routines:SSL_CTX_use_certificate:ca md too weak.
In this case go to default_md directive from openssl.conf and modify from md5 to sha256. After that recreate all certificates and put again from server/clients.
In this case go to default_md directive from openssl.conf and modify from md5 to sha256. After that recreate all certificates and put again from server/clients.
sâmbătă, 5 ianuarie 2019
How do I verify that a private key matches a certificate? (OpenSSL)
How do I verify that a private key matches a certificate?
To verify that a private key matches its certificate you need to compare the modulus of the certificate against the modulus of the private key.Please follow the below command to view the modulus of the certificate.
openssl x509 -noout -modulus -in server.crt | openssl md5
Now you will receive the modulus something like a77c7953ea5283056a0c9ad75b274b96
Please follow the below command to view the modulus of the private key.
openssl rsa -noout -modulus -in myserver.key | openssl md5
Now you should get the modulus as same as certificate modulus above. i.e a77c7953ea5283056a0c9ad75b274b96
If the modulus of the certificate and the modulus of the private key do not match, then you're not using the right private key. You can either create a brand new key and CSR and send contact support or do a search for all private keys on the system and compare their modulus.
To check the health of your private key you could perform this command:
openssl rsa -noout -check -in privkey.pem
source
Abonați-vă la:
Postări (Atom)