1. # a very nice technical guide to openssl user authentication with apache using certificates and smartcards
  2. # a very interesting overview with useful examples of commonly used openssl commands: http://resin.csoft.net/cgi-bin/man.cgi?sektion=1&topic=openssl
  3. # compute the crypt password as used by many unix systems:
     openssl passwd 
  4. # generate and print a 1024-bit rsa key pair:
     openssl genrsa -out rsa.key.pair 1024
     openssl rsa -in rsa.key.pair -text -noout 
  5. # convert a certificate from DER into PEM format:
     openssl x509 -in cert.der -inform DER -outform PEM -out cert.pem 
  6. # verify the validity of a certificate using openssl, given a file cacerts.txt which holds a concatenation of trusted ca certificates in PEM format:
     openssl verify -CAfile cacerts.txt -purpose any cert1.pem cert2.pem 
  7. # having a look at the content of a certificate revocation list:
     openssl crl -in crl.der -inform DER -text -noout|less 
  8. # compiling a sample engine for openssl 0.9.7x:
     TARGETDIR=~/openssl
     mkdir -p $TARGETDIR
     cd $TARGETDIR
     wget http://www.openssl.org/source/openssl-0.9.7d.tar.gz
     wget http://sunsite.rediris.es/pub/rediris/cert/crypt/misc/rsaref2.tar.gz
     tar -xzvf openssl-0.9.7*
     cd openssl*/demos/engines
     tar -xzvf ../../../rsaref2.tar.gz
     mv rsaref2/* rsaref
     rmdir rsaref2
     cd rsaref
     wget http://godot.studentenweb.org/patches/rsaref/patch.rsaref.makefile
     patch -p0 < patch.rsaref.makefile
     make gnu
    # once the engine has been compiled, you can copy into a directory where you keep your shared libraries, e.g.,
     mkdir ~/lib
     cp librsaref.so ~/lib 
    # you can now enjoy using your engine as follows:
     openssl engine -vvvv dynamic -pre SO_PATH:$HOME/lib/librsaref.so -pre ID:rsaref -pre LIST_ADD:1 -pre LOAD -t -c 
     fortune > data.txt
     openssl md5 -engine rsaref data.txt
    # note that it is important to specify the absolute path to the shared library...