Absolooowt
Just a question: what is the Begin Certificate for in OVPN configs?
Just asking.
It is the indicator of the start of an X.509 certificate. The '-----END CERTIFICATE-----' is the indicator of the end of the cert. If you notice, you cannot remove from or add to any part of the certificate.

Certificates are more or less the digital equivalent of a notary. They are harder (close to impossible) to falsify because they are based on mathematical computations.

To see the contents of the certificate, let's take this SunConfig.ovpn file as an example:

Code:
user@debian10:~$ cat Downloads/SunConfig.ovpn
# Autoscript by Bonveio
# The new Setup of OpenVPN ( Eliptic Curve Encryption )
# More faster than traditional DH+KEY OpenVPN
# For manual installation, kindly pm me on Facebook: @Bonveio
client
dev tun
proto tcp
remote 45.77.33.105 465
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
# Dont Modify this Part
verify-x509-name BonveioVPN name
auth SHA1
auth-user-pass
auth-nocache
cipher AES-128-GCM
compress
setenv CLIENT_CERT 0
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
verb 3
# Payload
http-proxy 45.77.33.105 8000
http-proxy-option CUSTOM-HEADER ""
http-proxy-option CUSTOM-HEADER "POST https://viber.com HTTP/1.1"
http-proxy-option CUSTOM-HEADER "X-Forwarded-For: viber.com"
# Uncomment this line to Windows 10 Users
# To prevent DNS Leaks
# setenv opt block-outside-dns
<ca>
-----BEGIN CERTIFICATE-----
MIIBpjCCAUygAwIBAgIJAOopRuYzDudUMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
CkJvbnZlaW9WUE4wHhcNMTkwODE1MDUzNzQ0WhcNMjkwODEyMDUzNzQ0WjAVMRMw
EQYDVQQDDApCb252ZWlvVlBOMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+hgr
JfB9gJgQTJVz+xn2m/OVpYXFHh2wpNeGhhsLMuFagKf7XJN0ZsnQG6aGhewaPRUt
FvY4BbU2utqj1Ka5pKOBhDCBgTAdBgNVHQ4EFgQUbYDuRsrq6i9w33p1PXHpZBSg
tvswRQYDVR0jBD4wPIAUbYDuRsrq6i9w33p1PXHpZBSgtvuhGaQXMBUxEzARBgNV
BAMMCkJvbnZlaW9WUE6CCQDqKUbmMw7nVDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
AwIBBjAKBggqhkjOPQQDAgNIADBFAiAy1H1btIQXFtm2KCFSKKA9uvQc/uch7ZYJ
xv6jn9GttQIhANssH1DbjDi0bUV858bNnPlwUTC5fGkNNgmh0xnL0CVh
-----END CERTIFICATE-----
</ca>

To view the contents of the certificate (as indicated by the BEGIN and END headers), I will use openssl:

Code:
user@debian10:~$ openssl x509 -text -noout -in <(sed -n '/^-----BEGIN/,/-----END/p' Downloads/SunConfig.ovpn)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ea:29:46:e6:33:0e:e7:54
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: CN = BonveioVPN
        Validity
            Not Before: Aug 15 05:37:44 2019 GMT
            Not After : Aug 12 05:37:44 2029 GMT
        Subject: CN = BonveioVPN
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:fa:18:2b:25:f0:7d:80:98:10:4c:95:73:fb:19:
                    f6:9b:f3:95:a5:85:c5:1e:1d:b0:a4:d7:86:86:1b:
                    0b:32:e1:5a:80:a7:fb:5c:93:74:66:c9:d0:1b:a6:
                    86:85:ec:1a:3d:15:2d:16:f6:38:05:b5:36:ba:da:
                    a3:d4:a6:b9:a4
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:80:EE:46:CA:EA:EA:2F:70:DF:7A:75:3D:71:E9:64:14:A0:B6:FB
            X509v3 Authority Key Identifier:
                keyid:6D:80:EE:46:CA:EA:EA:2F:70:DF:7A:75:3D:71:E9:64:14:A0:B6:FB
                DirName:/CN=BonveioVPN
                serial:EA:29:46:E6:33:0E:E7:54
            X509v3 Basic Constraints:
                CA:TRUE
            X509v3 Key Usage:
                Certificate Sign, CRL Sign
    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:20:32:d4:7d:5b:b4:84:17:16:d9:b6:28:21:52:28:
         a0:3d:ba:f4:1c:fe:e7:21:ed:96:09:c6:fe:a3:9f:d1:ad:b5:
         02:21:00:db:2c:1f:50:db:8c:38:b4:6d:45:7c:e7:c6:cd:9c:
         f9:70:51:30:b9:7c:69:0d:36:09:a1:d3:19:cb:d0:25:61

So boss, if you make a config, no need to replace that or do anything? Because when you download a config it's already there. I've been trying for a long time to actually make a config. Thanks for this, paps.

When you make a config, either your VPN provider supplies the cert, or you don't touch whatever is supplied to you. If even one character is removed from or added to it (even a space), it won't match the one on the server and will therefore fail.

If you get a cert-related error upon connection and, as you say, you didn't change anything, it's possible that: a) your cert was revoked; or the VPN operator changed the cert.

Yes, the payload and other things (as long as they don't conflict with the server) are what you can change.
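As an added example (not from the thread or from the Bonveio script), here is a Python check that does in code what the openssl command above does by hand: it pulls the certificate out of the `<ca>` block of a downloaded .ovpn, verifies the base64 and the DER framing, and compares the cert's SHA-256 fingerprint against one pinned from a known-good copy, so a cert that was truncated, altered by one character, or swapped by the operator is flagged before you connect. The sample input is the thread's own SunConfig.ovpn certificate; the function names are this example's own.

```python
import base64
import hashlib
import re
# Sample input: the <ca> block of the SunConfig.ovpn shown in this thread (other directives omitted).
SAMPLE_OVPN = """client
<ca>
-----BEGIN CERTIFICATE-----
MIIBpjCCAUygAwIBAgIJAOopRuYzDudUMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM
CkJvbnZlaW9WUE4wHhcNMTkwODE1MDUzNzQ0WhcNMjkwODEyMDUzNzQ0WjAVMRMw
EQYDVQQDDApCb252ZWlvVlBOMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+hgr
JfB9gJgQTJVz+xn2m/OVpYXFHh2wpNeGhhsLMuFagKf7XJN0ZsnQG6aGhewaPRUt
FvY4BbU2utqj1Ka5pKOBhDCBgTAdBgNVHQ4EFgQUbYDuRsrq6i9w33p1PXHpZBSg
tvswRQYDVR0jBD4wPIAUbYDuRsrq6i9w33p1PXHpZBSgtvuhGaQXMBUxEzARBgNV
BAMMCkJvbnZlaW9WUE6CCQDqKUbmMw7nVDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
AwIBBjAKBggqhkjOPQQDAgNIADBFAiAy1H1btIQXFtm2KCFSKKA9uvQc/uch7ZYJ
xv6jn9GttQIhANssH1DbjDi0bUV858bNnPlwUTC5fGkNNgmh0xnL0CVh
-----END CERTIFICATE-----
</ca>
"""

CA_BLOCK = re.compile(r"<ca>(.*?)</ca>", re.S)
PEM_BODY = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def extract_ca_der(ovpn_text):
    """DER bytes of the <ca> certificate; ValueError if missing, corrupt or truncated."""
    block = CA_BLOCK.search(ovpn_text)
    pem = PEM_BODY.search(block.group(1)) if block else None
    if not pem:
        raise ValueError("no <ca> block with BEGIN/END CERTIFICATE markers")
    body = re.sub(r"\s+", "", pem.group(1))      # join the base64 lines
    der = base64.b64decode(body, validate=True)  # binascii.Error (a ValueError) if a char is missing or invalid
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    length, offset = der[1], 2                   # a cert is one DER SEQUENCE: tag 0x30, length, then that many bytes
    if length & 0x80:                            # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, offset = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if offset + length != len(der):
        raise ValueError("DER length mismatch: certificate body was altered")
    return der

def ca_fingerprint(ovpn_text):
    """SHA-256 of the DER, colon-separated like `openssl x509 -fingerprint -sha256`."""
    digest = hashlib.sha256(extract_ca_der(ovpn_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))

def verify_pinned_ca(ovpn_text, expected_fingerprint):
    try:  # a cert that fails to parse never matches a pinned fingerprint
        return ca_fingerprint(ovpn_text) == expected_fingerprint
    except ValueError:
        return False
```

Record `ca_fingerprint()` of the config the provider gave you once, then run `verify_pinned_ca()` on every re-downloaded copy; a False result means the cert changed (revoked and reissued, or replaced) and is worth asking the operator about before connecting.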