Five Essential OpenSSL Troubleshooting Commands

 Troubleshooting SSL certificates and connections? Here are five handy openssl commands that every network engineer should be able to use. Bookmark this – you never know when it will come in handy!

1. Check the Connection

 openssl s_client -showcerts -connect www.microsoft.com:443

This command opens an SSL connection to the specified site and displays the entire certificate chain as well. Here’s an abridged version of the sample output:

MBP$ openssl s_client -showcerts -connect www.microsoft.com:443
CONNECTED(00000003)
depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006
 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public
 Primary Certification Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=
     Washington/businessCategory=Private Organization/
     serialNumber=600413485/C=US/postalCode=98052/ST=Washington/
     L=Redmond/street=1 Microsoft Way/O=Microsoft Corporation/
     OU=MSCOM/CN=www.microsoft.com
   i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/
     CN=Symantec Class 3 EV SSL CA - G3
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/
     CN=Symantec Class 3 EV SSL CA - G3
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006
     VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3
     Public Primary Certification Authority - G5
-----BEGIN CERTIFICATE-----
[...]
 Continue reading

What’s in my toolbag – Update 3 – Airconsole

Continuing on with the “What’s in my toolbag” series ( Original Post –  Update 1 –  Update 2 ) this week we will discuss a handy tool called Airconsole from Get Console. There are 3 models of the Airconsole 2.0 –  Standard, Pro, and XL.  The Standard and Pro (this is the one I own) are […]

The post What’s in my toolbag – Update 3 – Airconsole appeared first on Fryguy's Blog.

Act!

Part 1: Getting Inside the Loop
Part 2: Orientation
Part 3: Decide!

Once you’ve observed, oriented, and decided, it’s time to act. This might seem like a minor concept, but it’s actually really, really hard to act in a lot of situations. There are two elements here — the first is our willing suspension of belief, and the second is the doubt storm. Let’s talk about these two.

The willing suspension of belief. To find an example here, I’m going to fall back on my training in self defense. When you first find yourself in any situation that is “bad,” your first line of thought is going to be “this isn’t really happening,” or “why would this person want to hurt me?” In the same way, when your network is failing or under attack, the easiest thing in the world is to disregard the loop, roll over, and go back to sleep. Why would anyone attack my network? Why would this bug be hitting my control plane? Like Scrooge faced with a ghost, we say, “there’s more gravy than grave about you.” And this is a grave mistake. There’s a reason you’ve gone through all the trouble of Continue reading

Face of Chinese IT industry doesn’t please everyone at German trade show

Jack Ma, founder of Alibaba Group, made his first visit to the Cebit trade show 14 years ago, pitching Chinese products to Westerners from a small booth that attracted few visitors.Eight years ago, he returned, that time hoping to interest European companies in an online marketplace. That didn’t work out, because people saw the Internet and trade fairs as competitors.Now, though, Ma has it made. China’s tech industry, of which his company is one of the leaders, is a guest of honor at this year’s show, and Ma was the industry star of Sunday night’s Cebit opening ceremony, where he told the story of his previous visits.Feted during the opening ceremony, Ma would have been jeered on Monday morning had he been among the first through the gates. Two groups of protestors greeted visitors, one from Amnesty International, the other from Germany’s Society for Threatened Peoples. Both were unhappy about how the Chinese government orders companies to censor the Internet.To read this article in full or to leave a comment, please click here

Face of Chinese IT industry doesn’t please everyone at German trade show

Jack Ma, founder of Alibaba Group, made his first visit to the Cebit trade show 14 years ago, pitching Chinese products to Westerners from a small booth that attracted few visitors.Eight years ago, he returned, that time hoping to interest European companies in an online marketplace. That didn’t work out, because people saw the Internet and trade fairs as competitors.Now, though, Ma has it made. China’s tech industry, of which his company is one of the leaders, is a guest of honor at this year’s show, and Ma was the industry star of Sunday night’s Cebit opening ceremony, where he told the story of his previous visits.Feted during the opening ceremony, Ma would have been jeered on Monday morning had he been among the first through the gates. Two groups of protestors greeted visitors, one from Amnesty International, the other from Germany’s Society for Threatened Peoples. Both were unhappy about how the Chinese government orders companies to censor the Internet.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Monday, March 16

BlackBerry teams up with Samsung and IBM on a secure tabletBlackBerry is returning to the tablet market—this time with the help of Samsung, IBM and Secusmart, the German encryption specialist it bought last year. The SecuTablet was developed for customers in German government and is a Samsung Galaxy Tab S 10.5 LTE 16GB bundled with software from IBM and a MicroSD card that combines a number of cryptographic chips to protect data.Alibaba working on face recognition for payment authenticationTo read this article in full or to leave a comment, please click here

Government requests for Facebook data continue to grow

Requests from governments for people’s Facebook account data were overall on the rise in the second half of 2014, though they declined in the U.S. and Germany.The total number of requests rose slightly to 35,051, up from 34,946 in the first half, Facebook said in a post on its updated Global Government Requests Report released Monday.The vast majority of requests relate to criminal cases including robberies and kidnappings, the social networking company said. In many of the cases, the government was seeking basic subscriber information such as name and registration date. In others, law enforcement also sought access to IP address logs or account content.To read this article in full or to leave a comment, please click here

7 things we want to see in the Surface Pro 4

Surface Pro 4Microsoft’s Surface Pro 3 has become a surprise hit, bringing in more than $900 million in revenue, according to industry analysts, and generating such enthusiasm that fans are looking forward to the next version. The Surface Pro 3 was designed to present Windows 8.1 at its best, so it’s expected that its successor will serve as a showcase for Windows 10, which could come out as early as this summer. Perhaps a “Surface Pro 4” will debut at the same time or soon after Windows 10 launches. Here’s what we’d like to see in the Surface Pro 4.To read this article in full or to leave a comment, please click here

New Gigabit Wi-Fi access points target SMBs

Gigabit Wi-Fi access pointsLast year, we reviewed five of the first Gigabit Wi-Fi access points to hit the market. This time around, we’re testing three new entrants: the Cisco WAP371, D-Link’s DAP-2695, and the Edimax WAP-1750. Each product is a three-stream (3x3) 802.11ac access point designed for small and midsized business (SMB) environments and up. Each includes a built-in controller to centrally manage multiple access points. (Read the full product review.)To read this article in full or to leave a comment, please click here

Review: Gigabit Wi-Fi access points for SMBs

Last year we reviewed five of the first Gigabit Wi-Fi access points to hit the market. This time around, we’re testing three new entrants: the Cisco WAP371, D-Link’s DAP-2695, and the Edimax WAP-1750.D-Link DAP-2695In addition to the regular access point mode, this Edimax unit supports WDS with or without the access point functionality running concurrently. It supports up to 32 SSIDs, 16 for each band. The access point also offers a simple load balancing feature and rogue access point detection. Like the D-Link access point, this unit has a built-in RADIUS server so you can easily utilize enterprise-class Wi-Fi security. However, the Edimax unit supports up to 256 user accounts. Another simple yet potentially very useful feature is its built-in beeper so you can make access points sound from the web GUI and physically locate them in the building.To read this article in full or to leave a comment, please click here(Insider Story)

New products of the week 03.16.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Allworx ConnectPricing: Connect 320: $1,230; Connect 324: $1,355; Connect 530: $1,665; Connect 536: $1,875; Connect 731: $3,250To read this article in full or to leave a comment, please click here

New products of the week 03.16.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Allworx ConnectPricing: Connect 320: $1,230; Connect 324: $1,355; Connect 530: $1,665; Connect 536: $1,875; Connect 731: $3,250To read this article in full or to leave a comment, please click here

We Have to Get Away from the Box-Focused Mentality

I had a great SDN-focused conversation with Terry Slattery during last Interop New York, ago and of course we came to the argument that the CLI is the root of all evil, which started my usual rant. Guess what: not surprisingly that wasn’t what Terry had in mind. He was using the “CLI mentality is bad” as a synonym for “we’re used to configuring our networks one box at a time” (so we should really be talking about box-focused mentality).

Alibaba uses facial recognition tech for online payments

E-commerce giant Alibaba Group and affiliated online payment service Alipay are aiming to use facial recognition technology to take the place of passwords.On Sunday, Alibaba chairman Jack Ma showed off the new feature while speaking at the Cebit trade fair in Hanover, Germany.Using Alipay, Ma bought a souvenir stamp from Alibaba’s e-commerce site in China. But to confirm the purchase, Ma scanned his face using the front camera on his smartphone.“Online payment to buy things is always a big headache,” he said. “You forget your password, you worry about your security. Today we show you a new technology.”Alibaba, which reigns as China’s largest e-commerce player, said Monday that the facial recognition feature was still under development.To read this article in full or to leave a comment, please click here

Alibaba uses facial recognition tech for online payments

E-commerce giant Alibaba Group and affiliated online payment service Alipay are aiming to use facial recognition technology to take the place of passwords.On Sunday, Alibaba chairman Jack Ma showed off the new feature while speaking at the Cebit trade fair in Hanover, Germany.Using Alipay, Ma bought a souvenir stamp from Alibaba’s e-commerce site in China. But to confirm the purchase, Ma scanned his face using the front camera on his smartphone.“Online payment to buy things is always a big headache,” he said. “You forget your password, you worry about your security. Today we show you a new technology.”Alibaba, which reigns as China’s largest e-commerce player, said Monday that the facial recognition feature was still under development.To read this article in full or to leave a comment, please click here

BGP RR Design – Part 2

This is a continuation from Part 1 9. ACME VPN RR’s Design: So the current total number of PE’s dedicated for VPN functionality is around 400 (2 PE’s in each POP x 200). A full iBGP mesh between 400 PE’s comes around 79,800 sessions ((400×399) /2). By introducing two  VPN RR’s each PE will have only two iBGP sessions […]

Author information

Diptanshu Singh

Diptanshu Singh,(3xCCIE,CCDE) is a Sr. Engineer mostly focused on service providers , data center and security. He is a network enthusiast passionate about network technologies so not only is it his profession, but something of a hobby as well.

LinkedIn

The post BGP RR Design – Part 2 appeared first on Packet Pushers Podcast and was written by Diptanshu Singh.

BGP RR Design – Part 1

1. Introduction In this post we will be looking at large scale RR design by using a fictional ISP ACME  as a reference. As usual, I am assuming that the reader has familiarity with BGP and basic RR concepts. 2. Setting the Stage ACME is a communications company providing communications and data services to residential, business, governmental and wholesale customers. […]

Author information

Diptanshu Singh

Diptanshu Singh,(3xCCIE,CCDE) is a Sr. Engineer mostly focused on service providers , data center and security. He is a network enthusiast passionate about network technologies so not only is it his profession, but something of a hobby as well.

LinkedIn

The post BGP RR Design – Part 1 appeared first on Packet Pushers Podcast and was written by Diptanshu Singh.

A10 Networks and Big Switch: Accelerating Application Delivery and Pervasive Security with Open SDN Fabrics

Yahoo puts email encryption plugin source code up for review

Yahoo released the source code for a plugin that will enable end-to-end encryption of email messages, a planned data-security improvement prompted by disclosures of U.S. National Security Agency snooping.The company is asking security experts to look at its code, published on GitHub, and report vulnerabilities, wrote Alex Stamos, Yahoo’s chief information security officer, in a blog post.The plugin should be ready by year end, wrote Stamos, who gave a presentation on Sunday at the South by Southwest conference in Austin, Texas.To read this article in full or to leave a comment, please click here

German industry is poised to exploit rural broadband

Internet speeds of 50Mbps are nothing but a pipe dream for most inhabitants of Britain, while even 5Mbps would be a welcome boost for many living in remote areas.Yet by 2018, German Chancellor Angela Merkel wants all Germans, even those in rural communities, to have access to 50Mbps broadband connections, she said at the opening ceremony of the Cebit trade show on Sunday.This ambitious goal, if attained, could revolutionize many aspects of farming and forestry, allowing a transition from practices based on intuition and tradition to those based on big data and analytics.And German businesses, including century-old agricultural machinery maker Claas, enterprise software specialist SAP, and a new generation of mobile app developers, are ready to take advantage of it.To read this article in full or to leave a comment, please click here