IoT Wireless

WiFi module

WizFi250 SSL Server Test & Certificate

DH0815 2014. 11. 14. 12:40
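Today we will look at the information in the certificate included in the WizFi250 and run a communication test with the WizFi250 acting as an SSL server.
First, use the AT+MCERT command to extract the certificate and key from the WizFi250.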

AT+MCERT=r,c
-----BEGIN CERTIFICATE-----
................................................................
................................................................
................................................................
XzVVcwYGyL5CV2HGISJM5YOiNGl5DsGFig==
-----END CERTIFICATE-----

[OK]

AT+MCERT=r,k
-----BEGIN RSA PRIVATE KEY-----
................................................................
................................................................
................................................................
FkSR7svgvCaEl7pX063qAZawAQUllVHRL4fbXOzqq2LdENU84FHV
-----END RSA PRIVATE KEY-----

[OK]

Save the certificate and key extracted above as text files (from the BEGIN line through the END line).

  • WizFi250-Cert.crt 
  • WizFi250-Key.key 

Inspecting the extracted certificate with openssl gives the following.

D:\openssl-test>openssl x509 -text -noout -in WizFi250-Cert.crt
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=KR, ST=Geonggi-Do, L=Seongnam-Si, O=Wnet, OU=Wi-Fi Team, CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
        Validity
            Not Before: May 20 07:15:04 2013 GMT
            Not After : May 20 07:15:04 2015 GMT
        Subject: C=KR, ST=Geonggi-Do, L=Seongnam-Si, O=WIZnet, OU=Wi-Fi Tem, CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ae:ba:b2:c4:e0:ac:44:27:01:45:3b:75:ca:d6:
                    a7:1f:2e:e7:d7:83:ae:0d:75:0c:61:99:1e:8a:52:
                    14:27:7d:21:92:02:7f:78:02:8a:fd:07:10:c2:0b:
                    b5:5c:82:bd:25:19:bf:67:b5:9d:36:7a:3a:f2:94:
                    5f:ef:1c:1e:a6:ca:f6:5d:24:98:eb:57:5d:d6:97:
                    f9:91:e9:bc:0c:c6:0e:90:9b:c5:b5:cb:fd:1b:a9:
                    10:b3:4a:9c:28:32:57:de:41:82:06:52:58:53:25:
                    ac:b1:ec:73:29:1f:7d:d2:4a:51:44:26:00:68:fb:
                    35:d6:61:fe:75:ea:00:80:2c:96:6a:76:c5:db:5a:
                    72:8d:cf:74:8d:33:56:ae:c1:9c:88:8a:a1:0a:04:
                    69:bd:10:1c:72:e7:c1:f7:6c:11:5b:9f:ab:ad:5c:
                    e5:d4:00:9f:00:17:db:3e:26:7c:62:e5:a3:2d:90:
                    22:9b:5f:f5:08:03:ff:cc:31:cb:f1:96:2c:d3:b1:
                    9e:5c:50:42:9e:41:a8:4f:93:f9:77:76:3b:fa:81:
                    ............................................:
                    ............................................:
                    ............................................:
                    1f:21
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
        6d:8d:26:24:7f:52:08:98:bc:a1:e6:8d:8a:d2:f2:51:20:e8:
        69:15:83:9d:f0:35:2b:48:ae:42:a8:95:b6:29:f8:af:ea:71:
        c9:d6:db:41:8e:14:4e:5e:82:b4:8e:ed:2e:b4:d6:08:f5:29:
        82:7f:de:2c:ca:4d:3e:90:f6:2c:ca:d4:8d:47:79:c2:d4:2c:
        5d:ca:11:3b:04:8d:ec:89:81:aa:de:97:5f:f5:be:76:b2:60:
        8d:7b:ce:48:e7:27:48:32:7e:05:ef:73:aa:06:66:9f:b9:4c:
        91:b3:c4:09:b8:f8:63:15:b6:b0:58:9c:85:cc:80:51:a9:f1:
        08:ca:8c:b1:45:70:72:63:67:5d:9d:08:29:66:f0:86:8f:ed:
        7e:1a:2a:ec:de:db:48:07:bc:0c:6e:e5:6b:ec:4c:63:16:92:
        79:fd:63:df:50:d4:7e:15:24:1b:3a:89:75:92:5f:6b:0f:13:
        eb:98:fd:d7:15:d5:fb:65:df:aa:e7:c8:66:29:ce:2f:97:d8:
        ff:58:90:91:3e:5b:f6:c1:80:b5:88:09:be:c3:44:71:59:9f:
        .....................................................:
        .....................................................:
        .....................................................:
        0e:c1:85:8a

As seen above, the WizFi250 certificate contains basic issuance information, and its validity period runs until 2015.

Now let's carry out actual SSL data communication using the OpenSSL SSL client.
When the OpenSSL SSL client connects to the WizFi250's SSL server, a handshake sequence takes place, as in the log below, after which data can be sent and received.


D:\openssl-test>openssl s_client -connect 192.168.3.12:5000
Loading 'screen' into random state - done
CONNECTED(00000768)
depth=0 C = KR, ST = Geonggi-Do, L = Seongnam-Si, O = WIZnet, OU = Wi-Fi Tem, CN = wiznet.co.kr, emailAddress = wiznet@wiznet.co.kr
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = KR, ST = Geonggi-Do, L = Seongnam-Si, O = WIZnet, OU = Wi-Fi Tem, CN = wiznet.co.kr, emailAddress = wiznet@wiznet.co.kr
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = KR, ST = Geonggi-Do, L = Seongnam-Si, O = WIZnet, OU = Wi-Fi Tem, CN = wiznet.co.kr, emailAddress = wiznet@wiznet.co.kr
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=KR/ST=Geonggi-Do/L=Seongnam-Si/O=WIZnet/OU=Wi-Fi Tem/CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
   i:/C=KR/ST=Geonggi-Do/L=Seongnam-Si/O=Wnet/OU=Wi-Fi Team/CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
---
Server certificate
-----BEGIN CERTIFICATE-----
................................................................
................................................................
................................................................
XzVVcwYGyL5CV2HGISJM5YOiNGl5DsGFig==
-----END CERTIFICATE-----
subject=/C=KR/ST=Geonggi-Do/L=Seongnam-Si/O=WIZnet/OU=Wi-Fi Tem/CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
issuer=/C=KR/ST=Geonggi-Do/L=Seongnam-Si/O=Wnet/OU=Wi-Fi Team/CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
---
No client certificate CA names sent
---
SSL handshake has read 1099 bytes and written 536 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 811ADB75B41B31D00E47F125E74633F86320D610D07332CE1E3E53209893F30A
    Session-ID-ctx:
    Master-Key: F189891352B239D68FB8A2C22D16EF255BD46675B6A1AFC511C7F3CC2A5743E3297A5AC1842891E491EE1BD3D876C30E
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1412156542
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
Hello SSL Server
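
The certificate dump and the s_client log above carry several fields worth reviewing before relying on this server configuration. The following is an added example, not part of the original post: a small Python check over lines copied from those two outputs. The finding names and the rule set are this example's own assumptions, not an openssl feature.

```python
import re
from datetime import datetime, timezone
# Excerpts copied from the two openssl outputs shown on this page.
X509_TEXT = """\
        Version: 1 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=KR, ST=Geonggi-Do, L=Seongnam-Si, O=Wnet, OU=Wi-Fi Team, CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
            Not After : May 20 07:15:04 2015 GMT
        Subject: C=KR, ST=Geonggi-Do, L=Seongnam-Si, O=WIZnet, OU=Wi-Fi Tem, CN=wiznet.co.kr/emailAddress=wiznet@wiznet.co.kr
"""
S_CLIENT_TEXT = """\
Secure Renegotiation IS NOT supported
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Verify return code: 21 (unable to verify the first certificate)
"""

def field(pattern, text):
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None

def audit(x509_text, s_client_text, now=None):
    """Return finding ids (names are this example's own) for the two outputs."""
    now = now or datetime.now(timezone.utc)
    found = []
    version = field(r"^\s*Version:\s*(\d+)", x509_text)
    if version and int(version) < 3:            # v1 carries no extensions (SAN, keyUsage)
        found.append("x509-pre-v3")
    sig = field(r"^\s*Signature Algorithm:\s*(\S+)", x509_text)
    if sig and re.match(r"md5|sha1", sig, re.I):
        found.append("weak-signature-hash")
    not_after = field(r"Not After\s*:\s*(.+?) GMT", x509_text)
    if not_after and datetime.strptime(not_after, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc) < now:
        found.append("expired")
    # Different issuer and subject names: the issuer certificate is needed to build a chain.
    if field(r"^\s*Issuer:\s*(.+)$", x509_text) != field(r"^\s*Subject:\s*(.+)$", x509_text):
        found.append("issuer-differs-from-subject")
    if field(r"^\s*Protocol\s*:\s*(\S+)", s_client_text) in ("SSLv3", "TLSv1", "TLSv1.1"):
        found.append("legacy-protocol")
    cipher = field(r"^\s*Cipher\s*:\s*(\S+)", s_client_text)
    if cipher and not re.match(r"ECDHE|DHE|EDH|TLS_", cipher):   # no ephemeral key exchange
        found.append("no-forward-secrecy")
    if "Secure Renegotiation IS NOT supported" in s_client_text:
        found.append("no-secure-renegotiation")
    if field(r"Verify return code:\s*(\d+)", s_client_text) not in (None, "0"):
        found.append("chain-unverified")
    return found

if __name__ == "__main__":
    print("\n".join(audit(X509_TEXT, S_CLIENT_TEXT)))
```

Passing `now` lets the expiry rule be evaluated against a fixed date, such as the date of the capture, instead of the current time.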