Next I tried to use openssl to check the server certificate:
# openssl s_client -showcerts -connect localhost:443
CONNECTED(00000003)
139672310948288:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1557142451
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
Config (sstp part; l2tp and pptp are working):
[sstp]
verbose=1
ssl-ca-file=/etc/ssl/sstp-ca.crt
ssl-pemfile=/etc/ssl/sstp-cert.pem
ssl-keyfile=/etc/ssl/sstp-key.pem
sstp-ca.crt:
# openssl x509 -noout -text -certopt no_pubkey,no_sigdump -in /etc/ssl/sstp-ca.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b7:99:4b:09:86:76:11:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = RU, ST = Russia, L = Tyumen, O = MyOrg, OU = IT, CN = devCA root
Validity
Not Before: Dec 13 12:45:44 2018 GMT
Not After : Nov 30 12:45:44 2068 GMT
Subject: C = RU, ST = Russia, L = Tyumen, O = MyOrg, OU = IT, CN = devCA root
X509v3 extensions:
X509v3 Subject Key Identifier:
93:DF:37:9A:5B:CE:99:C7:05:F5:40:9D:6B:DA:12:17:31:E3:56:E4
X509v3 Authority Key Identifier:
keyid:93:DF:37:9A:5B:CE:99:C7:05:F5:40:9D:6B:DA:12:17:31:E3:56:E4
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
# openssl x509 -noout -text -certopt no_pubkey,no_sigdump -in /etc/ssl/sstp-cert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
94:a6:5f:ee:66:6f:a1:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = RU, ST = Russia, L = Tyumen, O = MyOrg, OU = IT, CN = devCA root
Validity
Not Before: May 6 10:58:44 2019 GMT
Not After : Apr 15 10:58:44 2040 GMT
Subject: C = RU, ST = Russia, L = Tyumen, O = MyOrg, OU = IT, CN = dm-gw
X509v3 extensions:
X509v3 Subject Alternative Name:
IP Address:185.x.x.x, DNS:dm-gw, DNS:vpn.changed.ru
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
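Added example (not from the post above or from the accel-ppp project): the s_client run in the post read exactly 5 bytes before failing with "wrong version number", which is the size of a TLS record header, so the first thing to establish is whether the listener answered with a TLS record at all. The script below parses a 5-byte record header the way the record layer does (content type, legacy version, length) and classifies constructed sample replies; the `probe` function repeats the same distinction against a live host using Python's `ssl` module and is not exercised offline. Host, port and the sample byte strings are assumptions for illustration.

```python
import socket
import ssl
import struct
from typing import Optional

# TLS record-layer content types (RFC 5246 section 6.2.1; unchanged in RFC 8446)
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a listener sent back after a ClientHello.

    A TLS record starts with a 5-byte header: content type (1 byte),
    legacy version (2 bytes, major 3 / minor 0..3) and body length (2 bytes).
    OpenSSL's ssl3_get_record() rejects anything else with
    'wrong version number', which is what the post's s_client run shows.
    """
    if len(data) < 5:
        return "short read: fewer than 5 bytes (listener closed the connection early)"
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    if content_type in CONTENT_TYPES and major == 3 and minor in (0, 1, 2, 3):
        return (f"TLS record: {CONTENT_TYPES[content_type]}, "
                f"legacy version 3.{minor}, length {length}")
    if data[:4] in (b"HTTP", b"GET ", b"POST") or data.startswith(b"SSH-"):
        return "plaintext protocol, not TLS"
    return "not a TLS record header (s_client reports 'wrong version number')"


def probe(host: str, port: int, cafile: Optional[str] = None,
          timeout: float = 5.0) -> str:
    """Live check (not run offline): connect, verify the chain against cafile
    (assumed to be the CA the server should chain to) and report the outcome
    the same way classify_first_bytes() does for raw bytes."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return (f"TLS {tls.version()} OK; subject={cert.get('subject')} "
                        f"SAN={cert.get('subjectAltName')}")
    except ssl.SSLError as exc:
        if exc.reason == "WRONG_VERSION_NUMBER":
            return "listener answered with non-TLS bytes (same symptom as s_client)"
        return f"TLS error: {exc.reason}"


# Constructed sample replies, not captured from any real server.
SAMPLES = {
    "server_hello": b"\x16\x03\x03\x00\x5a\x02\x00\x00\x56\x03\x03",
    "alert": b"\x15\x03\x03\x00\x02\x02\x28",
    "plain_http": b"HTTP/1.1 400 Bad Request\r\n",
    "garbage": b"\x00\x00\x00\x00\x00\x00",
    "truncated": b"\x16\x03",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(f"{name:13s} -> {classify_first_bytes(reply)}")
```

Running the script offline prints one classification per sample; pointing `probe("vpn.example", 443, cafile="/etc/ssl/sstp-ca.crt")` (placeholder host) at a real listener tells you whether to look at the service binding (non-TLS answer) or at the certificate chain (a TLS error naming verification).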