minor updates

trimstray · trimstray · commit 25a4104dd33a · 2020-08-25T07:24:00.000+02:00
- signed-off-by: trimstray &lt;trimstray@gmail.com&gt;
diff --git a/README.md b/README.md
@@ -300,7 +300,7 @@
       * [Debug mode (with Lua)](doc/HELPERS.md#debug-mode-with-lua)
       * [Analyse data pass to and from the threads](doc/HELPERS.md#analyse-data-pass-to-and-from-the-threads)
       * [Parsing wrk result and generate report](doc/HELPERS.md#parsing-wrk-result-and-generate-report)
-    * [Load testing with locust](#load-testing-with-locust)
+    * [Load testing with locust](doc/HELPERS.md#load-testing-with-locust)
       * [Multiple paths](doc/HELPERS.md#multiple-paths)
       * [Multiple paths with different user sessions](doc/HELPERS.md#multiple-paths-with-different-user-sessions)
     * [TCP SYN flood Denial of Service attack](doc/HELPERS.md#tcp-syn-flood-denial-of-service-attack)
@@ -389,15 +389,16 @@
     * [Generate CSR (metadata from existing certificate)](doc/HELPERS.md#generate-csr-metadata-from-existing-certificate)
     * [Generate CSR with -config param](doc/HELPERS.md#generate-csr-with--config-param)
     * [Generate private key and CSR](doc/HELPERS.md#generate-private-key-and-csr)
-    * [List available EC curves](#list-available-ec-curves)
+    * [List available EC curves](doc/HELPERS.md#list-available-ec-curves)
+    * [Print ECDSA private and public keys](doc/HELPERS.md#print-ecdsa-private-and-public-keys)
     * [Generate ECDSA private key](doc/HELPERS.md#generate-ecdsa-private-key)
     * [Generate private key and CSR (ECC)](doc/HELPERS.md#generate-private-key-and-csr-ecc)
     * [Generate self-signed certificate](doc/HELPERS.md#generate-self-signed-certificate)
     * [Generate self-signed certificate from existing private key](doc/HELPERS.md#generate-self-signed-certificate-from-existing-private-key)
     * [Generate self-signed certificate from existing private key and csr](doc/HELPERS.md#generate-self-signed-certificate-from-existing-private-key-and-csr)
-    * [Generate multidomain certificate](doc/HELPERS.md#generate-multidomain-certificate)
-    * [Generate wildcard certificate](doc/HELPERS.md#generate-wildcard-certificate)
-    * [Generate certificate with 4096 bit private key](doc/HELPERS.md#generate-certificate-with-4096-bit-private-key)
+    * [Generate multidomain certificate (Certbot)](doc/HELPERS.md#generate-multidomain-certificate-certbot)
+    * [Generate wildcard certificate (Certbot)](doc/HELPERS.md#generate-wildcard-certificate-certbot)
+    * [Generate certificate with 4096 bit private key (Certbot)](doc/HELPERS.md#generate-certificate-with-4096-bit-private-key-certbot)
     * [Generate DH public parameters](doc/HELPERS.md#generate-dh-public-parameters)
     * [Display DH public parameters](doc/HELPERS.md#display-dh-public-parameters)
     * [Extract private key from pfx](doc/HELPERS.md#extract-private-key-from-pfx)
@@ -406,14 +407,14 @@
     * [Convert DER to PEM](doc/HELPERS.md#convert-der-to-pem)
     * [Convert PEM to DER](doc/HELPERS.md#convert-pem-to-der)
     * [Verification of the certificate's supported purposes](doc/HELPERS.md#verification-of-the-certificates-supported-purposes)
-    * [Check private key](#check-private-key)
+    * [Check private key](doc/HELPERS.md#check-private-key)
     * [Verification of the private key](doc/HELPERS.md#verification-of-the-private-key)
-    * [Get public key from private key](#get-public-key-from-private-key)
+    * [Get public key from private key](doc/HELPERS.md#get-public-key-from-private-key)
     * [Verification of the public key](doc/HELPERS.md#verification-of-the-public-key)
     * [Verification of the certificate](doc/HELPERS.md#verification-of-the-certificate)
     * [Verification of the CSR](doc/HELPERS.md#verification-of-the-csr)
-    * [Check whether the private key and the certificate match](doc/HELPERS.md#check-whether-the-private-key-and-the-certificate-match)
-    * [Check whether the private key and the CSR match](doc/HELPERS.md#check-whether-the-private-key-and-the-csr-match)
+    * [Check the private key and the certificate are match](doc/HELPERS.md#check-the-private-key-and-the-certificate-are-match)
+    * [Check the private key and the CSR are match](doc/HELPERS.md#check-the-private-key-and-the-csr-are-match)
     [TLSv1.3 and CCM ciphers](doc/HELPERS.md#tlsv13-and-ccm-ciphers)
 - **[Base Rules (16)](doc/RULES.md#base-rules)**<a id="toc-base-rules"></a>
   * [Organising Nginx configuration](doc/RULES.md#beginner-organising-nginx-configuration)
@@ -1086,9 +1087,9 @@ Existing chapters:
     - [x] _Generate self-signed certificate_
     - [x] _Generate self-signed certificate from existing private key_
     - [x] _Generate self-signed certificate from existing private key and csr_
-    - [x] _Generate multidomain certificate_
-    - [x] _Generate wildcard certificate_
-    - [x] _Generate certificate with 4096 bit private key_
+    - [x] _Generate multidomain certificate (Certbot)_
+    - [x] _Generate wildcard certificate (Certbot)_
+    - [x] _Generate certificate with 4096 bit private key (Certbot)_
     - [x] _Generate DH public parameters_
     - [x] _Display DH public parameters_
     - [x] _Extract certs from p7b_
@@ -1101,7 +1102,7 @@ Existing chapters:
     - [x] _Verification of the public key_
     - [x] _Verification of the certificate_
     - [x] _Verification of the CSR_
-    - [x] _Check whether the private key and the certificate match_
+    - [x] _Check the private key and the certificate are match_
     - [x] _TLSv1.3 and CCM ciphers_
 
 </details>
diff --git a/doc/HELPERS.md b/doc/HELPERS.md
@@ -157,14 +157,15 @@ Go back to the **[Table of Contents](https://github.com/trimstray/nginx-admins-h
     * [Generate CSR with -config param](#generate-csr-with--config-param)
     * [Generate private key and CSR](#generate-private-key-and-csr)
     * [List available EC curves](#list-available-ec-curves)
+    * [Print ECDSA private and public keys](#print-ecdsa-private-and-public-keys)
     * [Generate ECDSA private key](#generate-ecdsa-private-key)
     * [Generate private key and CSR (ECC)](#generate-private-key-with-csr-ecc)
     * [Generate self-signed certificate](#generate-self-signed-certificate)
     * [Generate self-signed certificate from existing private key](#generate-self-signed-certificate-from-existing-private-key)
     * [Generate self-signed certificate from existing private key and csr](#generate-self-signed-certificate-from-existing-private-key-and-csr)
-    * [Generate multidomain certificate](#generate-multidomain-certificate)
-    * [Generate wildcard certificate](#generate-wildcard-certificate)
-    * [Generate certificate with 4096 bit private key](#generate-certificate-with-4096-bit-private-key)
+    * [Generate multidomain certificate (Certbot)](#generate-multidomain-certificate-certbot)
+    * [Generate wildcard certificate (Certbot)](#generate-wildcard-certificate-certbot)
+    * [Generate certificate with 4096 bit private key (Certbot)](#generate-certificate-with-4096-bit-private-key-certbot)
     * [Generate DH public parameters](#generate-dh-public-parameters)
     * [Display DH public parameters](#display-dh-public-parameters)
     * [Extract private key from pfx](#extract-private-key-from-pfx)
@@ -179,8 +180,8 @@ Go back to the **[Table of Contents](https://github.com/trimstray/nginx-admins-h
     * [Verification of the public key](#verification-of-the-public-key)
     * [Verification of the certificate](#verification-of-the-certificate)
     * [Verification of the CSR](#verification-of-the-csr)
-    * [Check whether the private key and the certificate match](#check-whether-the-private-key-and-the-certificate-match)
-    * [Check whether the private key and the CSR match](#check-whether-the-private-key-and-the-csr-match)
+    * [Check the private key and the certificate are match](#check-the-private-key-and-the-certificate-are-match)
+    * [Check the private key and the CSR are match](#check-the-private-key-and-the-csr-are-match)
     * [TLSv1.3 and CCM ciphers](#tlsv13-and-ccm-ciphers)
 
 #### Installing from prebuilt packages
@@ -7492,7 +7493,7 @@ htpasswd -c htpasswd_example.com.conf <username>
 
 ```bash
 # _len: 2048, 4096
-( _fd="private.key" ; _len="4096" ; \
+( _fd="private.key" ; _len="2048" ; \
 openssl genrsa -out ${_fd} ${_len} )
 ```
 
@@ -7501,7 +7502,7 @@ openssl genrsa -out ${_fd} ${_len} )
 ```bash
 # _ciph: des3, aes128, aes256
 # _len: 2048, 4096
-( _ciph="aes128" ; _fd="private.key" ; _len="4096" ; \
+( _ciph="aes128" ; _fd="private.key" ; _len="2048" ; \
 openssl genrsa -${_ciph} -out ${_fd} ${_len} )
 ```
 
@@ -7520,6 +7521,13 @@ openssl rsa -in ${_fd} -out ${_fd_unp} )
 openssl rsa -${_ciph} -in ${_fd} -out ${_fd_pass}
 ```
 
+###### Generate private key and CSR
+
+```bash
+( _fd="private.key" ; _fd_csr="request.csr" ; _len="2048" ; \
+openssl req -out ${_fd_csr} -new -newkey rsa:${_len} -nodes -keyout ${_fd} )
+```
+
 ###### Generate CSR
 
 ```bash
@@ -7604,17 +7612,21 @@ For more information please look at these great explanations:
 - [Your OpenSSL CSR command is out of date](https://expeditedsecurity.com/blog/openssl-csr-command/)
 - [OpenSSL example configuration file](https://www.tbs-certificats.com/openssl-dem-server-cert.cnf)
 
-###### Generate private key and CSR
+###### List available EC curves
 
 ```bash
-( _fd="private.key" ; _fd_csr="request.csr" ; _len="4096" ; \
-openssl req -out ${_fd_csr} -new -newkey rsa:${_len} -nodes -keyout ${_fd} )
+openssl ecparam -list_curves
 ```
 
-###### List available EC curves
+###### Print ECDSA private and public keys
 
 ```bash
-openssl ecparam -list_curves
+( _fd="private.key" ; \
+openssl ec -in ${_fd} -noout -text )
+
+# For x25519 only extracting public key
+( _fd="private.key" ; _fd_pub="public.key" ; \
+openssl pkey -in ${_fd} -pubout -out ${_fd_pub} )
 ```
 
 ###### Generate ECDSA private key
@@ -7642,7 +7654,7 @@ openssl req -new -key ${_fd} -out ${_fd_csr} -sha256 )
 
 ```bash
 # _len: 2048, 4096
-( _fd="domain.key" ; _fd_out="domain.crt" ; _len="4096" ; _days="365" ; \
+( _fd="domain.key" ; _fd_out="domain.crt" ; _len="2048" ; _days="365" ; \
 openssl req -newkey rsa:${_len} -nodes \
 -keyout ${_fd} -x509 -days ${_days} -out ${_fd_out} )
 ```
@@ -7665,19 +7677,19 @@ openssl x509 -signkey ${_fd} -nodes \
 -in ${_fd_csr} -req -days ${_days} -out ${_fd_out} )
 ```
 
-###### Generate multidomain certificate
+###### Generate multidomain certificate (Certbot)
 
 ```bash
 certbot certonly -d example.com -d www.example.com
 ```
 
-###### Generate wildcard certificate
+###### Generate wildcard certificate (Certbot)
 
 ```bash
 certbot certonly --manual --preferred-challenges=dns -d example.com -d *.example.com
 ```
 
-###### Generate certificate with 4096 bit private key
+###### Generate certificate with 4096 bit private key (Certbot)
 
 ```bash
 certbot certonly -d example.com -d www.example.com --rsa-key-size 4096
@@ -7789,14 +7801,14 @@ openssl x509 -noout -text -in ${_fd} )
 openssl req -text -noout -in ${_fd_csr} )
 ```
 
-###### Check whether the private key and the certificate match
+###### Check the private key and the certificate are match
 
 ```bash
 (openssl rsa -noout -modulus -in private.key | openssl md5 ; \
 openssl x509 -noout -modulus -in certificate.crt | openssl md5) | uniq
 ```
 
-###### Check whether the private key and the CSR match
+###### Check the private key and the CSR are match
 
 ```bash
 (openssl rsa -noout -modulus -in private.key | openssl md5 ; \
