Openssl -sign gives different result in CMD vs PowerShell - powershell

I have the following code in PowerShell:
$headerEncoded=openssl base64 -in header.json -A
$payloadEncoded=openssl base64 -in payload.json -A
$headerEncoded=$headerEncoded.Split('=')[0].Replace('+', '-').Replace('/', '_')
$payloadEncoded=$payloadEncoded.Split('=')[0].Replace('+', '-').Replace('/', '_')
$toBeSigned=$headerEncoded + "." + $payloadEncoded
$toBeSigned | Out-File -Encoding "UTF7" toBeSigned.txt -NoNewLine
openssl dgst -sha256 -sign jwtRS256.key toBeSigned.txt | openssl enc -base64 -A
In the last line in PowerShell I try to sign the header + payload. However, I get a different result in PowerShell (wrong) than when I run the same command in cmd.
Result PowerShell:
Result CMD:
3XGGUQX1wAHJ22dbOuJd25Bgn0wzRtl/9ZjMos+6lOuZM7a2OH1iR8Xe6R5PrSoObgREuXui9fOkxinHOD1FIwdudslAgEySYIJ67XlDswACPOVgdKAtfSTqMO0K0KtImzVe6KQyQL2qtOSPmzBwgrceYbWGy28phhMuHtT38GquyfqNw0b8lDJpRU6Ix2b3P1v83v6ujd2DTmJ4V1Hyj2DKGxdpFuqN1m8vndtJuzwJR3GlkWzeL6NBA709hnFnNfr8fM3oD6j+z4yE2cxi7vn6ZvgvslDb9S3OqnfFu1gpZ71Ya9Z3S4s3doKaM9Ee+0eTr1aXVC8y/k2bSBP6n19tmRdI8tETP8Rcml6Ntxizwr05feIOgUvJJ/PygujPBWy2JoueBU7grThxdxvaUwgd8P/P3Vu43DTn8KbSLsFJLHWV6HlBNlJ3B3z2rpSRqc2yiTYfMGX0n2kFs4ezPn1ddaTUZBRIFdZ35awBJpAwv8iIjBhdZ/ErGCihM+wmrd7NJcINdFIl+3q6lGtBNxLt711IymzGSpY5SjwpOXsFity1eMKyaZykiGAb7oHtJmoNyBg84VrwRAoAEBDxDCyzxudoxWs5MEOT2RQtGoOijPwQKK8F9nMqvtnLSXVSEwI4BY7w18OjEpQZw/rmoIichH8B8cYCVXvYR+l69mQ=
Content toBeSigned.txt:
ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImtpZCI6ICJ0ZXN0LWF1dG9tYXRpb24iDQp9.ew0KICAiZ2l2ZW5fbmFtZSI6ICJOaWNrIiwNCn0

I believe the problem resides with the pipe | in the last line of your script. In essence, the encoding is getting messed up.
Here's a potential quick fix for the last line:
$toBeEncoded=openssl dgst -sha256 -sign jwtRS256.key toBeSigned.txt
$toBeEncoded | Out-File -Encoding "Default" toBeEncoded.txt -NoNewLine
openssl enc -base64 -A -in toBeEncoded.txt
If you want, you can add an -out jwtEncoded.txt at the end of the last openssl line here.
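The same signing flow with the raw signature bytes kept out of the PowerShell pipeline altogether, as an added example (this is not code from the question or from the answer above). It assumes openssl is on the PATH and that jwtRS256.key is the RSA private key in PEM form from the question; the ConvertTo-Base64Url helper, the sig.bin signature file and the jwtRS256.pub public-key file are introduced here.

```powershell
# Added example, not part of the original post. Signs an RS256 JWT from PowerShell,
# using openssl for the signature, without ever letting binary data touch the pipeline.
# Assumed: openssl on PATH; jwtRS256.key is the RSA private key (PEM) from the question.

function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    # RFC 7515 base64url: standard base64 with '+' -> '-', '/' -> '_', padding removed.
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

# Compact, ordered JSON so no CRLF or indentation ends up inside the token
# (the question's header.json contains both, visible in its base64).
$header  = [ordered]@{ alg = 'RS256'; kid = 'test-automation' }
$payload = [ordered]@{ given_name = 'Nick' }
$headerEncoded  = ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes(($header  | ConvertTo-Json -Compress)))
$payloadEncoded = ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes(($payload | ConvertTo-Json -Compress)))
$toBeSigned = "$headerEncoded.$payloadEncoded"

# Write the signing input as raw ASCII bytes: no BOM, no trailing newline.
$signInput = Join-Path $PWD 'toBeSigned.txt'
[IO.File]::WriteAllBytes($signInput, [Text.Encoding]::ASCII.GetBytes($toBeSigned))

# Let openssl write the signature to a file with -out. Capturing its stdout in a
# variable, or piping it with '|', makes PowerShell decode the bytes as text and
# re-encode them, which is exactly the corruption seen in the question.
$sigFile = Join-Path $PWD 'sig.bin'
& openssl dgst -sha256 -sign jwtRS256.key -out $sigFile $signInput
if ($LASTEXITCODE -ne 0) { throw "openssl dgst failed (exit code $LASTEXITCODE)" }

# Read the signature back as bytes and base64url-encode it in .NET.
$signature = [IO.File]::ReadAllBytes($sigFile)
$jwt = "$toBeSigned.$(ConvertTo-Base64Url $signature)"
$jwt

# Check: derive the public key and verify the signature over the same input file.
& openssl rsa -in jwtRS256.key -pubout -out jwtRS256.pub
& openssl dgst -sha256 -verify jwtRS256.pub -signature $sigFile $signInput   # expect "Verified OK"
```

RS256 is RSASSA-PKCS1-v1_5, which is deterministic, so signing the same input with the same key must give the same bytes every time; if the PowerShell result differs from the cmd result, the bytes were altered somewhere between openssl and the base64 step, and the file-based hand-off above removes every place where that can happen.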

Related

Simplest way to create 'ca-cert.pem' and 'client-cert.pem' with pure PowerShell

Below are the manual steps to generate a ca-cert.pem and respective client-cert.pem using openssl (needed for the PowerShell MySQL Connector). I would like to do the same thing automatically in the simplest way possible using only PowerShell 5; or, if not possible, with the help of a lightweight PowerShell Module.
1. Create key:
openssl genrsa 2048 > ca-key.pem
2. Create a ca-cert:
openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem
(enter the respective attributes, i.e., Country Name, State, Locality Name, etc.)
3. Create client certificate request:
openssl req -newkey rsa:2048 -days 365000 -nodes -keyout client-key.pem -out client-req.pem
(enter same attributes as above)
4. Clean protected password:
openssl rsa -in client-key.pem -out client-key.pem
5. Verify client cert is OK:
openssl x509 -req -in client-req.pem -days 365000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
The closest I can get to doing this is to create a self-signed certificate MyCert.cer file and export a respective MyCert.pfx file using the 3 lines below. Unfortunately, I don't think I'm even close. I'm hoping someone with more experience can help me to do this correctly in the simplest way possible.
$cert = New-SelfSignedCertificate -DnsName "CN=MyCert" -CertStoreLocation "Cert:\CurrentUser\My" -KeyLength 2048 -KeyAlgorithm "RSA" -KeyExportPolicy Exportable
Export-Certificate -Cert $cert -FilePath "C:\temp\MyCert.cer"
$cert | Export-PfxCertificate -FilePath "C:\temp\MyCert.pfx" -Password (ConvertTo-SecureString -String "password" -AsPlainText -Force)
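One way to do the whole sequence with the PKI module that ships in Windows PowerShell 5.1, as an added example and not an answer from the original thread. It assumes Windows 10 / Server 2016 or later (the -Signer parameter of New-SelfSignedCertificate is what lets the client certificate be issued by the CA); the subject names, the C:\temp output directory and the Export-PemCertificate helper are assumptions introduced here.

```powershell
# Added example, not from the original post. CA certificate plus a CA-signed client
# certificate, exported as PEM, using only the built-in PKI module (Windows 10+/2016+).
$outDir = 'C:\temp'   # assumed output location
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

function Export-PemCertificate {
    param(
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Path
    )
    # PEM is the DER bytes in base64, 64 characters per line, between BEGIN/END markers.
    $b64 = [Convert]::ToBase64String($Certificate.RawData, 'InsertLineBreaks')
    $pem = "-----BEGIN CERTIFICATE-----`n$b64`n-----END CERTIFICATE-----`n"
    # ASCII, LF line endings, no BOM: the form openssl-based clients expect.
    [IO.File]::WriteAllText($Path, $pem, [Text.Encoding]::ASCII)
}

# Steps 1-2: CA key and self-signed CA certificate (openssl genrsa + req -x509).
# Basic Constraints CA=true is what makes this usable as an issuer.
$ca = New-SelfSignedCertificate -Subject 'CN=My Test CA, O=Example, C=US' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyUsage CertSign, CRLSign, DigitalSignature `
    -TextExtension '2.5.29.19={critical}{text}ca=true&pathlength=0' `
    -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(10) `
    -CertStoreLocation 'Cert:\CurrentUser\My'

# Steps 3-5: client key and certificate issued by the CA (openssl req -newkey + x509 -req -CA).
# EKU 1.3.6.1.5.5.7.3.2 = clientAuth, which is the only purpose a MySQL client cert needs.
$client = New-SelfSignedCertificate -Subject 'CN=mysql-client, O=Example, C=US' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyUsage DigitalSignature, KeyEncipherment `
    -TextExtension '2.5.29.37={text}1.3.6.1.5.5.7.3.2' `
    -Signer $ca -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(5) `
    -CertStoreLocation 'Cert:\CurrentUser\My'

Export-PemCertificate -Certificate $ca     -Path (Join-Path $outDir 'ca-cert.pem')
Export-PemCertificate -Certificate $client -Path (Join-Path $outDir 'client-cert.pem')

# Client private key: PowerShell 5.1 has no built-in PEM key export, so write a PFX.
# Convert it with 'openssl pkcs12 -in client.pfx -nocerts -nodes -out client-key.pem'
# (the counterpart of step 4 above), or on PowerShell 7 use ExportRSAPrivateKey() on
# the certificate's RSA key.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$client | Export-PfxCertificate -FilePath (Join-Path $outDir 'client.pfx') -Password $pfxPassword | Out-Null

# Check: the client certificate must chain to the CA we just created.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.ExtraStore.Add($ca) | Out-Null
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'   # CA is not in the Root store
$chain.ChainPolicy.RevocationMode = 'NoCheck'
"Chain builds: $($chain.Build($client)); issuer: $($client.Issuer)"
```

Both certificates are left in Cert:\CurrentUser\My; remove them by thumbprint once the PEM/PFX files are exported if the store should stay clean. The openssl sequence in the question gives the certificates a 365000-day lifetime; the example uses 10 and 5 years instead, which is enough for a test CA and avoids clients that reject dates past 2049 in UTCTime.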

Wildcard certificate usage search with Powershell or Command prompt

I have a bash command
curl -v --silent https://abc.xyz/ 2>&1 | grep "CN=\*.xyz.com" -c
This works fine from an Ubuntu machine, but I want to convert it or use a similar command in PowerShell or in CMD. I tried a bunch of variations like:
curl https://abc.xyz/ 2>&1 | Select-String -Pattern "CN=\*.xyz.com"
curl -E -Uri https://abc.xyz/ 2>&1 | Select-String -Pattern "CN=\*.xyz.com"
Invoke-WebRequest https://abc.xyz/ 2>&1 | Select-String -Pattern "CN=\*.xyz.com"
What I noticed with the PS commands is that they don't output the common name to check the pattern against.
My actual need is to check if the wildcard cert is used on https://abc.xyz/ or not.
What am I missing here?
My actual need is to check if the wildcard cert is used on https://abc.xyz/ or not.
In this example, we'll check if a wildcard cert is used on msn.com:
$url = 'https://www.msn.com'
$req = [Net.HttpWebRequest]::Create($url)
$req.GetResponse() | Out-Null
$cerName = $req.ServicePoint.Certificate.GetName()
$cerName -match 'CN=\*\.msn\.com'
Output:
True
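A version that also inspects the Subject Alternative Name extension, as an added example rather than code from the answer. TLS clients match the host name against the SAN dNSName entries and ignore the CN, so a certificate can be a wildcard certificate with no CN=*. in its subject at all, and GetName() above only ever sees the subject. The Get-RemoteCertificate and Test-WildcardCertificate function names are introduced here; the offline self-check creates a constructed self-signed wildcard certificate with New-SelfSignedCertificate, so that part needs Windows, while the rest runs on PowerShell 5.1 or 7.

```powershell
# Added example, not from the original answer. Checks CN *and* SAN for wildcard names.

function Get-RemoteCertificate {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever the server sends: we want to inspect the certificate, not trust it.
        $accept = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)   # sends SNI, so we get this host's own certificate
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

function Test-WildcardCertificate {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $names = @()
    # The CN from the subject (what the original grep looked at)...
    if ($Certificate.Subject -match 'CN=([^,]+)') { $names += $Matches[1] }
    # ...plus every dNSName in the SAN extension (OID 2.5.29.17), which is what clients
    # actually match. Windows formats entries as "DNS Name=x", .NET on Linux/macOS as "DNS:x".
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += [regex]::Matches($san.Format($false), '(?:DNS Name=|DNS:)\s*([^,\s]+)') |
                  ForEach-Object { $_.Groups[1].Value }
    }
    [pscustomobject]@{
        Names      = @($names | Select-Object -Unique)
        IsWildcard = [bool]($names | Where-Object { $_.StartsWith('*.') })
    }
}

# Offline self-check with a constructed certificate (no network; Windows only for this part).
$sample = New-SelfSignedCertificate -DnsName '*.example.test', 'example.test' -CertStoreLocation 'Cert:\CurrentUser\My'
(Test-WildcardCertificate $sample).IsWildcard      # True
Remove-Item "Cert:\CurrentUser\My\$($sample.Thumbprint)"

# Live check against the host from the question.
$leaf = Get-RemoteCertificate -HostName 'abc.xyz'
Test-WildcardCertificate $leaf | Format-List
```

Because the validation callback accepts everything, Get-RemoteCertificate is only suitable for inspection; never reuse that callback in code that actually sends data over the connection.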

Get SSL certificates expiration date using powershell on ubuntu machine

I'm trying to execute the following script on an Ubuntu machine using PowerShell, but it shows me nothing. I want to know how I can get this date.
Below is the script that I have written:
$var = (Get-ChildItem /etc/ssl/certs)[0].NotAfter
Write-Host $var
PowerShell doesn't magically parse certificate files for you. Use the openssl command.
$cert = (Get-ChildItem /etc/ssl/certs)[0].FullName
$var = ((& openssl x509 -in $cert -dates -noout) -match 'notAfter').Split('=')[1]
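PowerShell 7 on Linux can also read the PEM files directly through .NET, without shelling out to openssl, and that handles the bundle files under /etc/ssl/certs that contain more than one certificate (where the openssl x509 line above reports only the first). Added example, not the answer's code; it assumes PowerShell 7.1 or later (.NET 5+, for ImportFromPemFile), and the Get-CertificateExpiry function name and its 30-day warning threshold are introduced here.

```powershell
# Added example, not from the original answer. Requires PowerShell 7.1+ (.NET 5+).
using namespace System.Security.Cryptography.X509Certificates

function Get-CertificateExpiry {
    param(
        [string]$Path = '/etc/ssl/certs',
        [int]$WarnDays = 30
    )
    Get-ChildItem -Path $Path -File | Where-Object { $_.Extension -in '.pem', '.crt' } |
        ForEach-Object {
            $file = $_
            # A collection import reads every certificate in the file, so bundles work too.
            $collection = [X509Certificate2Collection]::new()
            try {
                $collection.ImportFromPemFile($file.FullName)
            } catch {
                Write-Warning "Skipping $($file.FullName): $($_.Exception.Message)"
                return
            }
            foreach ($cert in $collection) {
                $daysLeft = [int]($cert.NotAfter.ToUniversalTime() - [datetime]::UtcNow).TotalDays
                if ($daysLeft -lt 0)             { $status = 'EXPIRED' }
                elseif ($daysLeft -le $WarnDays) { $status = 'EXPIRING' }
                else                             { $status = 'OK' }
                [pscustomobject]@{
                    File     = $file.Name
                    Subject  = $cert.Subject
                    NotAfter = $cert.NotAfter.ToUniversalTime()
                    DaysLeft = $daysLeft
                    Status   = $status
                }
            }
        }
}

# Soonest-expiring first; anything EXPIRED or EXPIRING is what a monitor should alert on.
Get-CertificateExpiry | Sort-Object DaysLeft | Format-Table File, Subject, NotAfter, DaysLeft, Status -AutoSize
```

The script in the question fails because Get-ChildItem returns FileInfo objects, which have no NotAfter property; the date only exists once the file contents are parsed as a certificate, which is what the collection import (or the openssl call in the answer) does.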

How can I set the permissions of a certificate with Powershell?

I have some build scripts that generate certificates using CertMgr.exe; however, I currently have to manually use the MMC snap-in, navigate to the certificate in question, right-click it, select All Tasks, select Manage Private Keys, and then set the permissions manually. (For now, I just add Everyone and grant full permissions.)
So I run the following script and then go to MMC, look for MACHINE-NAME Root CA and modify the permissions manually. How can I modify my script so I don't have to do this manual step?
param([String]$CertName=$env:COMPUTERNAME)
$CertAuthName= $CertName + " Root CA"
Get-ChildItem cert:\ -DNSNAME $($CertAuthName + "*") -Recurse | Remove-Item
Get-ChildItem cert:\ -DNSNAME $($CertName + "*") -Recurse | Remove-Item
Remove-Item $CertName"*"
Remove-Item $CertAuthName"*"
.\makecert.exe -n $("CN="+$CertAuthName) -r -sv $($CertAuthName+".pvk") $($CertAuthName+".cer") >$null 2>&1
.\makecert.exe -crl -n $("CN="+$CertAuthName) -r -sv $($CertAuthName+".pvk") $($CertAuthName+".crl") >$null 2>&1
.\CertMgr.Exe -add -c $($CertAuthName+".cer") -s -r localMachine root >$null 2>&1
.\CertMgr.Exe -add -crl $($CertAuthName+".crl") -s -r localMachine root >$null 2>&1
.\makecert.exe -sk $CERTNAME -n $("CN="+$CERTNAME) $($CERTNAME+".cer") -iv $($CertAuthName+".pvk") -ic $($CertAuthName+".cer") -sr localmachine -ss my -sky exchange -pe >$null 2>&1
There is an answer on another thread here:
https://stackoverflow.com/a/31175117/85936
that I believe will solve your problem.
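For the private-key step itself, the ACL can be set from the script: the key is stored as a file under %ProgramData%\Microsoft\Crypto, and the file name is exposed through the certificate's key object. Added example, not from the question or the linked answer; it assumes Windows PowerShell 5.1 in an elevated session and a certificate in Cert:\LocalMachine\My, as the last makecert line above produces. The Grant-PrivateKeyAccess function name and the 'NT AUTHORITY\NETWORK SERVICE' account are assumptions. It grants Read rather than Everyone/Full Control: a service only needs to use the key, not replace or delete it.

```powershell
# Added example, not from the original question or the linked answer.
# Assumes an elevated Windows PowerShell 5.1 session and a key in the machine store.
function Grant-PrivateKeyAccess {
    param(
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Account,
        [ValidateSet('Read', 'FullControl')][string]$Rights = 'Read'
    )
    if (-not $Certificate.HasPrivateKey) { throw "No private key for $($Certificate.Subject)" }

    # Find the key container file. CAPI (CSP) keys, which makecert -sky exchange creates,
    # live under ...\Crypto\RSA\MachineKeys; CNG keys live under ...\Crypto\Keys.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
    if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
        $keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"
    } elseif ($rsa -is [System.Security.Cryptography.RSACng]) {
        $keyName = $rsa.Key.UniqueName
        $keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$keyName"
    } else {
        throw "Unsupported key type: $($rsa.GetType().FullName)"
    }
    if (-not (Test-Path $keyPath)) { throw "Key file not found: $keyPath" }

    # Add an Allow ACE for the account. Read is enough for a service that only signs or decrypts;
    # FullControl (or Everyone) would let it, or anything running as it, export or destroy the key.
    $acl  = Get-Acl -Path $keyPath
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $Rights, 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyPath -AclObject $acl
    return $keyPath
}

# Usage with the certificate the last makecert line above creates (CN = computer name).
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$env:COMPUTERNAME" } | Select-Object -First 1
$keyFile = Grant-PrivateKeyAccess -Certificate $cert -Account 'NT AUTHORITY\NETWORK SERVICE' -Rights Read
(Get-Acl $keyFile).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Run the function with the actual service identity (a gMSA, a virtual service account or NETWORK SERVICE) instead of Everyone; the final Get-Acl line shows the resulting ACEs so the build log records who can reach the key.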

Using --check on a md5sum command generated checksum file is failing

I'm encountering an error when I try and run md5sum -c on a checksum file I generated. I should mention that I'm running this from PowerShell (as a script will be running this eventually) and this is the cygwin version of md5sum.
I have a test file, jira_defect.txt and I've created a checksum like this:
md5sum jira_defect.txt > result.md5
This gives a file with the following:
7d559b59459052f274e290b5e01a5485 *jira_defect.txt
But when I run
md5sum -c result.md5
I get the infamous error message
result.md5: no properly formatted MD5 checksum lines found
I've tried this again with the -t option, which removes the asterisk, but this hasn't made a difference.
Using the redirection operator to write the checksums to an output file causes the file to be created with the default encoding (Unicode). md5sum expects an ASCII file. Use Set-Content (or Out-File) to save the file with ASCII encoding:
md5sum jira_defect.txt | Set-Content result.md5 -Encoding ASCII
You can also work with Unicode files if you pipe their content into md5sum:
Get-Content result.md5 | md5sum -c
Demonstration:
PS C:\> md5sum .\test.ps1 > result.md5
PS C:\> md5sum -c .\result.md5
C:\md5sum.exe: .\result.md5: no properly formatted MD5 checksum lines found
PS C:\> Get-Content .\result.md5 | md5sum -c
.\test.ps1: OK
PS C:\> md5sum .\test.ps1 | Set-Content result.md5 -Encoding ASCII
PS C:\> md5sum -c .\result.md5
.\test.ps1: OK