OpenSSL - nimrody/knowledgebase GitHub Wiki

• How SSL works

• TLS 1.0 protocol example

• TLS 1.2 protocol example

• Common commands

• Generating certificates, keys

• Connect to remove SSL server

  openssl s_client -connect xxx.com:443

• Check certificate

  openssl x509 -in certificate.crt -text -noout

• OpenSSL check p12 expiration time

  You can use openssl to extract the certificate from the .p12 file to a .pem file using the following command:

  openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes

  Then, you can extract the expiration date from the certificate in the .pem file using the following command:

  cat certificate.pem | openssl x509 -noout -enddate

Adding charles certificate as root certificate

According to this article

Run the following on the PEM certificate:

openssl x509 -inform PEM -subject_hash_old -in cacertificate.crt | head -1

This wil give you the deprecated certificate hash. For example, the output I got was 69241f1f. This means I must name my certificate file 69241f1f.0 for Android to accept it.

mount -o rw,remount /system
mv /sdcard/Downloads/69241f1f.0 /system/etc/security/cacerts
chmod 644 /system/etc/security/cacerts/69241f1f.0

• Charles remove license