Linux

Examining SSL Certificates

Engineers verify web server certificates to confirm transport security. The openssl s_client command retrieves this data: it negotiates a TLS connection with the server and prints the certificate chain the server presents.

openssl s_client -connect <domain name>:443

You inspect the output for expiration dates and issuer details. Read Bruce's blog post about verifying certificates for broader context.

Adding Root Certificates

Enterprise networks often rely on custom root certificates. Add them to the local trust store so that secure connections do not fail with certificate errors. Tools read the store to validate certificate signatures.

Ubuntu Systems

Debian-based distributions manage trusted certificates in a central location. Place the certificate in /usr/local/share/ca-certificates; update-ca-certificates then regenerates the concatenated bundle file.

  1. Ensure the directory exists. Run sudo mkdir -p /usr/local/share/ca-certificates.
  2. Convert the PEM file if necessary. update-ca-certificates only processes files with a .crt extension (the contents stay PEM-encoded). Run openssl x509 -in mypem.pem -inform PEM -out mycrt.crt.
  3. Relocate the file. Run sudo mv mycrt.crt /usr/local/share/ca-certificates/mycrt.crt.
  4. Rebuild the system bundle. Run sudo update-ca-certificates.

Some applications maintain their own trust stores. Set the SSL_CERT_FILE environment variable to point them at the system bundle.

echo "export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" | sudo tee /etc/profile.d/add_ssl_cert_file.sh > /dev/null

RHEL Systems

Red Hat distributions use a different hierarchy. Place the certificate in the anchors directory; the update script integrates it into the global bundle.

  1. Place the root certificate in the appropriate anchor location. The path is /etc/pki/ca-trust/source/anchors/my-cert.crt.
  2. Instruct the OS to rebuild the trust store. Run sudo update-ca-trust.

Set the SSL_CERT_FILE environment variable for tools that keep their own trust store.

echo "export SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt" | sudo tee /etc/profile.d/add_ssl_cert_file.sh > /dev/null

Examining Incoming HTTP Traffic

Packet capture helps diagnose routing failures and malformed requests. tcpflow reassembles TCP streams, and this command uses it to pull HTTP request lines and Host headers out of port 80 traffic on eth0, filtering out everything else.

tcpflow -p -c -i eth0 port 80 | grep -oE '(GET|POST|HEAD) .* HTTP/1\.[01]|Host: .*'

Regular Expressions for Access Logs

Web servers record client connections in access logs, and administrators parse those logs to extract metrics. This regular expression captures IPv4 addresses, timestamps, HTTP methods, response codes, and user agents.

(\d*\.\d*\.\d*\.\d*) \- \- \[(.*)\] "(\w*) (.*) HTTP\/\d\.\d" (\d*) (\d*) "(.*)" "(.*)" (\d*\.\d*) (\d*\.\d*)
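
The expression above applied to constructed log lines, as an added example that is not part of the original page: it labels the page's positional groups and compares them with a tightened variant that rejects a line whose quoted fields contain stray quotes instead of mis-splitting it. The field names, the STRICT_RE variant and the sample lines are assumptions of this example.

```python
import re

# The page's expression, unchanged; its groups are positional.
PAGE_RE = re.compile(
    r'(\d*\.\d*\.\d*\.\d*) \- \- \[(.*)\] "(\w*) (.*) HTTP\/\d\.\d" '
    r'(\d*) (\d*) "(.*)" "(.*)" (\d*\.\d*) (\d*\.\d*)'
)

# Tightened variant (assumption of this example): anchored at both ends, with
# bounded character classes instead of ".*" so no field can absorb its neighbour.
STRICT_RE = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) - - \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/\d\.\d" '
    r'(?P<status>\d{3}) (?P<size>\d+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
    r'(?P<num1>\d+\.\d+) (?P<num2>\d+\.\d+)$'
)

# Hypothetical field names; the page does not name the groups, and does not say
# what the two trailing decimal fields (num1, num2) hold.
FIELDS = ("ip", "time", "method", "path", "status", "size",
          "referer", "agent", "num1", "num2")

def parse_page(line):
    """Apply the page's regex and label its positional groups."""
    m = PAGE_RE.search(line)
    return dict(zip(FIELDS, m.groups())) if m else None

def parse_strict(line):
    """Apply the tightened regex; None means the line does not fit the format."""
    m = STRICT_RE.match(line)
    return m.groupdict() if m else None

def triage(lines):
    """Return (parsed records, rejected raw lines) instead of dropping misfits."""
    parsed, rejected = [], []
    for line in lines:
        rec = parse_strict(line)
        (parsed if rec else rejected).append(rec or line)
    return parsed, rejected

# Constructed sample lines (documentation addresses, not real traffic).
GOOD = ('203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /index.html HTTP/1.1" '
        '200 512 "-" "Mozilla/5.0" 0.004 0.003')
# Constructed line whose user agent contains unescaped double quotes.
ODD = ('203.0.113.9 - - [10/Oct/2024:13:55:37 +0000] "GET / HTTP/1.1" '
       '200 512 "-" "a" "b" 0.001 0.001')

if __name__ == "__main__":
    print(parse_page(ODD)["referer"], "|", triage([GOOD, ODD])[1])
```

With the page's greedy groups the second line still matches, but the referer field swallows part of the user agent; the tightened variant routes that line to the reject list for review.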