Windows Notes: SSL / TLS / OpenSSL

  1. The information presented here is intended for educational use by qualified Windows technologists.
  2. The information presented here is provided free of charge, as-is, with no warranty of any kind.
Edit: 2018-02-12

Introduction

Introductory material can be found on my original OpenSSL webpage.

Client-Server scripts for Windows demo

The following examples show how to start a test server (you may need to create a certificate first) and then start a test client on the same machine, for educational purposes.

DOS - Windows "Scripting Basics"


 sequence	description
-------------	-------------------------------------
::  remarks	beginning of remarks (to end of line)
rem remarks	beginning of remarks (to end of line)
%= remarks =%	embedded remarks
^		line continuation character
echo yada	display "yada"
echo ON		display commands as they are executed (script tracing)
echo OFF	disable script tracing

 

script: ssl-prep1.bat (optional)

Caveat: only execute this script (prep1) if the next script (prep2) fails with an error related to "can't find file openssl.cnf"

@echo ON
:: =============================================================
:: title   : ssl-prep1.bat
:: purpose : copy the OpenSSL template file to openssl.cnf
:: notes   : ONLY DO THIS if file "openssl.cnf" is missing
:: platform: DOS/Windows
:: author  : Neil Rieck
:: created : 2018-01-30
:: =============================================================
echo Copying the OpenSSL template file
:: copy the file and change the extension
copy c:\OpenSSL-Win32\bin\openssl.cfg openssl.cnf
echo Done

 

script: ssl-prep2.bat (one time only)


@echo ON
:: =============================================================
:: title   : ssl-prep2.bat
:: purpose : create a self-signed certificate for ssl-server.bat
:: platform: DOS/Windows
:: author  : Neil Rieck
:: created : 2018-01-30
:: =============================================================
echo Creating Self-Signed Certificate
setlocal
IF EXIST c:\OpenSSL-Win32\bin SET PATH=%PATH%;c:\OpenSSL-Win32\bin
openssl	req		%= a circumflex continues the line =%			^
 -new			%= create a new certificate request =%			^
 -nodes			%= do not encrypt the private key =%			^
 -x509			%= x509 as a switch indicates "self signed" =%		^
 -config openssl.cnf								^
 -days 365		%= will expire in one year =%				^
 -set_serial 20180130	%= any big number (here I used ccyymmdd) =%		^
 -keyout hack123.key	%= the new private key will be written here =%		^
 -out hack123.crt	%= certificate data will be written here =%
echo Done
endlocal

 

script: ssl-server1.bat (serves up a fake file)


@echo ON
:: =====================================================
:: title  : ssl-server1.bat
:: purpose: ssl server demo for DOS/Windows
:: author : Neil Rieck
:: created: 2018-01-30
:: =====================================================
echo Starting OpenSSL Server1 (simple)
setlocal
IF EXIST c:\OpenSSL-Win32\bin SET PATH=%PATH%;c:\OpenSSL-Win32\bin
openssl s_server						^
 -accept 5000		%= listen on port 5000 =%		^
 -cert hack123.crt						^
 -key hack123.key						^
 -debug			%= this line is optional =%		^
 -www			%= barely simulate a webserver =%
echo Done

 

script: ssl-server2.bat (returns the file you request)


@echo ON
:: =====================================================
:: title  : ssl-server2.bat
:: purpose: ssl server demo for DOS/Windows
:: author : Neil Rieck
:: created: 2018-01-30
:: =====================================================
echo Starting OpenSSL Server2 (returns the file you request)
setlocal
IF EXIST c:\OpenSSL-Win32\bin SET PATH=%PATH%;c:\OpenSSL-Win32\bin
openssl s_server						^
 -accept 5000		%= listen on port 5000 =%		^
 -cert hack123.crt						^
 -key hack123.key						^
 -debug			%= this line is optional =%		^
 -WWW			%= simulate a webserver, serving files from the current directory =%
echo Done

 

script: ssl-client.bat


@echo ON
:: =====================================================
:: title  : ssl-client.bat
:: purpose: ssl client demo for DOS/Windows
:: author : Neil Rieck
:: created: 2018-01-30
:: =====================================================
echo Starting OpenSSL client on port 5000
setlocal
IF EXIST c:\OpenSSL-Win32\bin SET PATH=%PATH%;c:\OpenSSL-Win32\bin
openssl s_client						^
 -debug				%= this is optional =%		^
 -connect 127.0.0.1:5000 
echo Done
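
Added example (not part of the original page or the author's scripts): ssl-client.bat connects without enforcing certificate verification, so `openssl s_client` carries on even when the server's certificate cannot be validated. The script below, under the hypothetical name ssl-client-verify.bat, first prints the identifying fields of hack123.crt and then connects with that certificate supplied as the trust anchor; it assumes hack123.crt from ssl-prep2.bat is in the current folder and ssl-server1.bat is already listening on port 5000.

```batch
@echo OFF
:: =============================================================
:: title   : ssl-client-verify.bat (hypothetical name, added example)
:: purpose : inspect hack123.crt, then connect with verification enforced
:: assumes : hack123.crt (from ssl-prep2.bat) is in the current folder
::           and ssl-server1.bat is listening on port 5000
:: platform: DOS/Windows
:: =============================================================
setlocal
IF EXIST c:\OpenSSL-Win32\bin SET PATH=%PATH%;c:\OpenSSL-Win32\bin
IF NOT EXIST hack123.crt (
  echo hack123.crt not found - run ssl-prep2.bat first
  exit /b 1
)
echo Certificate details
:: -subject      who the certificate claims to be
:: -dates        notBefore / notAfter (ssl-prep2.bat used -days 365)
:: -serial       shown in hex, so 20180130 appears as 0133ECA2
:: -fingerprint  SHA-256 digest to compare against a known-good copy
openssl x509 -in hack123.crt -noout -subject -dates -serial -fingerprint -sha256
echo Connecting with certificate verification enforced
:: -CAfile               use the demo certificate as the trusted root
:: -verify_return_error  abort the handshake if verification fails
openssl s_client -connect 127.0.0.1:5000 -CAfile hack123.crt -verify_return_error
echo Done
endlocal
```

A verified connection reports "Verify return code: 0 (ok)" in the s_client output, after which the GET request can be typed as in the example sessions. If the server presents any certificate other than hack123.crt, the handshake is aborted instead of continuing.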

 

fake web page

This fake web page (index.html) is required by ssl-server2.bat

<!DOCTYPE html>
<html>
<head>
<title>index.html</title>
</head>
<body>
<p>This is a test</p>
</body>
</html>

 

Example Sessions


Legend:
    <ur>	user response
    <sr>	system response
    <enter>	hit the enter key

 
session #1                    comment                session #2                   comment
----------------------------  ---------------------  ---------------------------  ----------------------------
<sr> C:\Users\Neil>           display my prompt      <sr> C:\Users\Neil>          display my prompt
<ur> ssl-server1.bat <enter>  start OpenSSL server   <ur> ssl-client.bat <enter>  start OpenSSL client
<sr> bla...bla...bla...       server start dialog    <sr> bla...bla...bla...      client start-connect dialog
<sr> bla...bla...bla...       client connect dialog  <ur> GET / HTTP/1.0<enter>   fetch built-in fake web page
<sr> bla...bla...bla...       client fetch dialog    <sr> bla...bla...bla...      web page is displayed

 
session #1                    comment                session #2                            comment
----------------------------  ---------------------  ------------------------------------  ----------------------------
<sr> C:\Users\Neil>           display my prompt      <sr> C:\Users\Neil>                   display my prompt
<ur> ssl-server2.bat <enter>  start OpenSSL server   <ur> ssl-client.bat <enter>           start OpenSSL client
<sr> bla...bla...bla...       server start dialog    <sr> bla...bla...bla...               client start-connect dialog
<sr> bla...bla...bla...       client connect dialog  <ur> GET index.html HTTP/1.0<enter>   fetch desired file
<sr> bla...bla...bla...       client fetch dialog    <sr> bla...bla...bla...               web page is displayed

 

 Neil Rieck
 Kitchener - Waterloo - Cambridge, Ontario, Canada.