How do you debug the client certificate request with openssl?
When an SSL connection is established, a client certificate may be requested. This is not mandatory, however: the request is very often deferred until a specific URL is requested. In that case, use the -prexit option of the openssl s_client command so that it prints the SSL session just before exiting.
Example with our site https://testcert.pitux.com/php/testcrypto.php (note: you need at least openssl 0.97, and it is recommended that you have updated your root store, see
openssl s_client -port 443 -CApath /usr/share/ssl/certs/ -host testcert.pitux.com -prexit
The first negotiation gives:
CONNECTED(00000003)
depth=3 /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
verify return:1
depth=2 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
verify return:1
depth=1 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
verify return:1
depth=0 /C=FR/postalCode=14012/ST=Calvados/L=CAEN/streetAddress=CEDEX 1/2.5.4.18=BP 237/O=TBS INTERNET/OU=Infogerance/OU=Provided by TBS INTERNET/OU=X509 Omnidomaine TBS/CN=*.pitux.com
verify return:1
---
Certificate chain
0 s:/C=FR/postalCode=14012/ST=Calvados/L=CAEN/streetAddress=CEDEX 1/2.5.4.18=BP 237/O=TBS INTERNET/OU=Infogerance/OU=Provided by TBS INTERNET/OU=X509 Omnidomaine TBS/CN=*.pitux.com
i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
1 s:/C=FR/postalCode=14012/ST=Calvados/L=CAEN/streetAddress=CEDEX 1/2.5.4.18=BP 237/O=TBS INTERNET/OU=Infogerance/OU=Provided by TBS INTERNET/OU=X509 Omnidomaine TBS/CN=*.pitux.com
i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
2 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
4 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
---
Server certificate
subject=/C=FR/postalCode=14012/ST=Calvados/L=CAEN/streetAddress=CEDEX 1/2.5.4.18=BP 237/O=TBS INTERNET/OU=Infogerance/OU=Provided by TBS INTERNET/OU=X509 Omnidomaine TBS/CN=*.pitux.com
issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
---
No client certificate CA names sent
---
SSL handshake has read 7446 bytes and written 338 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 2048 bit
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID: B1A80EF87B678659813FDA2151A0178A411CEC957EBBC6A4A42A83E05D961EBF
Session-ID-ctx:
Master-Key: F455B69968D4BDE6CD117CE8329BA42E23ADB53B89F7F9E4F830C7BCB503CAAECAC1FF760425803617AAF655C3715496
Key-Arg : None
Start Time: 1155729852
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
At this point, you need to simulate a request for a page that requires a client certificate, in our example:
GET /php/testcrypto.php HTTP/1.1
HOST: testcert.pitux.com
Which gives us the end of the negotiation:
depth=3 /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
verify return:1
depth=2 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
verify return:1
depth=1 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
verify return:1
depth=0 /C=FR/postalCode=14012/ST=Calvados/L=CAEN/streetAddress=CEDEX 1/2.5.4.18=BP 237/O=TBS INTERNET/OU=Infogerance/OU=Provided by TBS INTERNET/OU=X509 Omnidomaine TBS/CN=*.pitux.com
verify return:1
18264:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
18264:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:989:
---
Certificate chain
0 s:/C=FR/postalCode=14012/ST=Calvados/L=CAEN/streetAddress=CEDEX 1/2.5.4.18=BP 237/O=TBS INTERNET/OU=Infogerance/OU=Provided by TBS INTERNET/OU=X509 Omnidomaine TBS/CN=*.pitux.com
i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
1 s:/C=FR/postalCode=14012/ST=Calvados/L=CAEN/streetAddress=CEDEX 1/2.5.4.18=BP 237/O=TBS INTERNET/OU=Infogerance/OU=Provided by TBS INTERNET/OU=X509 Omnidomaine TBS/CN=*.pitux.com
i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
2 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
4 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
---
Server certificate
subject=/C=FR/postalCode=14012/ST=Calvados/L=CAEN/streetAddress=CEDEX 1/2.5.4.18=BP 237/O=TBS INTERNET/OU=Infogerance/OU=Provided by TBS INTERNET/OU=X509 Omnidomaine TBS/CN=*.pitux.com
issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
---
Acceptable client certificate CA names
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona
---
SSL handshake has read 15508 bytes and written 276 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 2048 bit
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID: 8D6DDE58435237DDCF7818F26E320C07C5494B67C9B595D43030A5072EFB0166
Session-ID-ctx:
Master-Key: 9F1D4058D1167ACA04B7BFD6E00D4116DCE8D7D6CF37080C893F2BBE37FEC1E2C986F26F2DDEFBCB95E48735C162A2DC
Key-Arg : None
Start Time: 1155730273
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
What interests us is the section Acceptable client certificate CA names:
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona
Note also the SSL alert number 40 message, which indicates that the server refuses the connection because no client certificate was presented (the command line needs to be completed).
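The check described above can be scripted. The following is an added example, not part of the original FAQ: it extracts the last Acceptable client certificate CA names list from a saved s_client -prexit capture and reports whether the issuer of the certificate you plan to present is in it. The function names, the constructed issuer DN and the abridged sample capture are assumptions, as is the one-line /C=.../CN=... DN format shown on this page.

```shell
#!/bin/sh
# Added example: triage of `openssl s_client -prexit` output for client-cert auth.
# Assumes the one-line DN format (/C=.../CN=...) printed in the captures above.

# Print the CA names of the LAST "Acceptable client certificate CA names"
# section. With -prexit the session is dumped twice, and only the dump made
# after the deferred request carries the list.
acceptable_cas() {
    awk '
        /^Acceptable client certificate CA names/ { grab = 1; n = 0; next }
        /^---/                                    { grab = 0 }
        grab && /^\//                             { names[++n] = $0 }
        END { for (i = 1; i <= n; i++) print names[i] }
    '
}

# Classify a capture read on stdin.
# $1 = issuer DN of the client certificate you intend to present,
#      written in the same one-line format as the capture.
diagnose() {
    out=$(cat)
    cas=$(printf '%s\n' "$out" | acceptable_cas)
    if [ -z "$cas" ]; then
        echo "no-request"                      # no CA list in the capture
    elif printf '%s\n' "$cas" | grep -Fxq -- "$1"; then
        echo "issuer-accepted"                 # exact DN match in the list
    elif printf '%s\n' "$out" | grep -q 'SSL alert number 40'; then
        echo "issuer-not-listed-and-refused"   # list sent, handshake refused
    else
        echo "issuer-not-listed"
    fi
}

# Constructed sample: abridged from the failing capture shown above.
SAMPLE='No client certificate CA names sent
---
SSL handshake has read 7446 bytes and written 338 bytes
---
18264:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
---
Acceptable client certificate CA names
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona
---
SSL handshake has read 15508 bytes and written 276 bytes'

# Constructed issuer DN that is not in the list.
printf '%s\n' "$SAMPLE" | diagnose '/C=XX/O=Example/CN=Constructed Issuer CA'
```

A "no-request" result on a capture taken without sending the GET simply means the server has not asked yet, which is the deferred behaviour described at the top of this entry.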
It is possible to use openssl to check the presentation of a client certificate to a server that requires one. Simply specify the client certificate and the private key with the -cert and -key parameters.
openssl s_client -port 443 -CApath /usr/share/ssl/certs/ -host testcert.pitux.com -prexit -cert votre.certificat.client.cert -key votre.clef.privee.key
Here is what this gives when presenting a certificate:
CONNECTED(00000003)
depth=3 /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
verify return:1
depth=2 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
verify return:1
depth=1 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
verify return:1
depth=0 /C=FR/postalCode=14000/ST=Calvados/L=Caen/streetAddress=22 rue de Bretagne/O=TBS INTERNET/OU=exploitation infogerance/CN=*.pitux.com
verify return:1
---
Certificate chain
0 s:/C=FR/postalCode=14000/ST=Calvados/L=Caen/streetAddress=22 rue de Bretagne/O=TBS INTERNET/OU=exploitation infogerance/CN=*.pitux.com
i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
2 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
3 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
---
Server certificate
subject=/C=FR/postalCode=14000/ST=Calvados/L=Caen/streetAddress=22 rue de Bretagne/O=TBS INTERNET/OU=exploitation infogerance/CN=*.pitux.com
issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
---
No client certificate CA names sent
---
SSL handshake has read 5548 bytes and written 314 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID: B0CDDAD79246044276771E74C6207A6E5D75EDF700417181E61D010A24568A0A
Session-ID-ctx:
Master-Key: 63923F19754A6388DA3D7A5ACD2CB30C4F5B741E99B0C95B10DF345C2E49A6CC6A1C2D832E278BF21D3E07B9DC77875C
Key-Arg : None
Start Time: 1177334443
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
GET /php/testcrypto.php HTTP/1.1
Host: testcert.pitux.com
depth=3 /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
verify return:1
depth=2 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
verify return:1
depth=1 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
verify return:1
depth=0 /C=FR/postalCode=14000/ST=Calvados/L=Caen/streetAddress=22 rue de Bretagne/O=TBS INTERNET/OU=exploitation infogerance/CN=*.pitux.com
verify return:1
read R BLOCK
HTTP/1.1 200 OK
Date: Mon, 23 Apr 2007 13:21:08 GMT
Server: Apache/2.0.54 (Unix)
X-Powered-By: PHP/4.4.5
Content-Length: 3806
Content-Type: text/html
<html>
...
</html>
closed
---
Certificate chain
0 s:/C=FR/postalCode=14000/ST=Calvados/L=Caen/streetAddress=22 rue de Bretagne/O=TBS INTERNET/OU=exploitation infogerance/CN=*.pitux.com
i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
2 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
3 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
---
Server certificate
subject=/C=FR/postalCode=14000/ST=Calvados/L=Caen/streetAddress=22 rue de Bretagne/O=TBS INTERNET/OU=exploitation infogerance/CN=*.pitux.com
issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
---
Acceptable client certificate CA names
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona
---
SSL handshake has read 16286 bytes and written 2675 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID: 10A933DCEA38F070A39512EE32F022BCAD455223105F514D99FDEA24A3809FDE
Session-ID-ctx:
Master-Key: C72D7A1D01889E7B9602081F0510B81A420985D270F39A61C9AA5896D56B7D8BFE4593070331B1AC3C1827BB42B492E1
Key-Arg : None
Start Time: 1177334468
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
2007-Apr-23 2:05pm