Script started on Sat 12 Mar 2016 02:25:40 PM UTC signer:/tmp/ram-re-sign# cp /mmnnt/checksums.* /mnt/signature /mnt/signkey.pub . signer:/tmp/ram-re-sign# openssl dpgst signer:/tmp/ram-re-sign# (reverse-i-search)`':[34@d': head -n 1 /etc/ssl/CA/cacert.pem g': openssl dgst -sha256 checksums > checksums.verifyhash [1@s[1@t signer:/tmp/ram-re-sign# signer:/tmp/ram-re-sign# (reverse-i-search)`':r': openssl dgst -sha256 checksums > checksums.verifyhash s': openssl rsa < /etc/ssl/CA/cacert.pem > root.key [1@au': openssl rsautl -verify -keyform PEM -inkey signkey.pub -pubin -in signature > signature.verifysig  signer:/tmp/ram-re-sign# signer:/tmp/ram-re-sign# (reverse-i-search)`':c': openssl dgst -sha256 checksums > checksums.verifyhash a': cp /etc/ssl/CA/cacert.crt root.crtt': cat checksums.verifyhash signature.verifysig  signer:/tmp/ram-re-sign# SHA256(checksums)= 3fecbfa0f4c1974a1609a0060e22d189ee152ccee941bf3aea21d18f8a194a91 SHA256(checksums)= 3fecbfa0f4c1974a1609a0060e22d189ee152ccee941bf3aea21d18f8a194a91 signer:/tmp/ram-re-sign# (reverse-i-search)`':[46@c': cat checksums.verifyhash signature.verifysig [1@m': cmp [1@signer:/tmp/ram-re-sign# signer:/tmp/ram-re-sign# cp -p /etc/sskCAl/Ca/A/ceracert.crt /root.crt signer:/tmp/ram-re-sign# openssl rsa chsha256sum su-c checksums sha256sum: main: No such file or directory main: FAILED open or read sha256sum: main.o: No such file or directory main.o: FAILED open or read sha256sum: main.c: No such file or directory main.c: FAILED open or read sha256sum: WARNING: 3 of 3 listed files could not be read signer:/tmp/ram-re-sign# cdcp /mnt/main main main.c main.o signer:/tmp/ram-re-sign# cp /mnt/main . signer:/tmp/ram-re-sign# cp /mnt/main .sha256sum -c checksums main: OK sha256sum: main.o: No such file or directory main.o: FAILED open or read sha256sum: main.c: No such file or directory main.c: FAILED open or read sha256sum: WARNING: 2 of 3 listed files could not be read signer:/tmp/ram-re-sign# opensls rsa < /etc/sslC/CA/cacert.pem > kerooroot.key bash: opensls: command not found signer:/tmp/ram-re-sign# opensls rsa < /etc/ssl/CA/cacert.pem > root.key [1@l Enter pass phrase: writing RSA key signer:/tmp/ram-re-sign# cp -p /etc/ssl/class3/cacert.crt class3.crt signer:/tmp/ram-re-sign# ./main Removing old extension number 3 Removing old extension number 3 Removing old extension number 1 Root done, now to intermediate Removing old extension number 1 Success signer:/tmp/ram-re-sign# openssl x509 -in root.crt -noout -text > old1.txt signer:/tmp/ram-re-sign# openssl x509 -in root.crt -noout -text > old1.txt[1@_[1@2[1@5[1@61.txtn1.txte1.txtw1.txt signer:/tmp/ram-re-sign# diff old1 new1.txt diff: old1: No such file or directory signer:/tmp/ram-re-sign# diff old1 new1.txt [1@.[1@.[1@ [3@txt 4,5c4,5 < Serial Number: 0 (0x0) < Signature Algorithm: md5WithRSAEncryption --- > Serial Number: 15 (0xf) > Signature Algorithm: sha256WithRSAEncryption 54,58d53 < X509v3 Authority Key Identifier: < keyid:16:B5:32:1B:D4:C7:F3:E0:E6:8E:F3:BD:D2:B0:3A:EE:B2:39:18:D1 < DirName:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org < serial:00 < 61,65d55 < X509v3 CRL Distribution Points: < URI:https://www.cacert.org/revoke.crl < < Netscape CA Revocation Url: < https://www.cacert.org/revoke.crl 70,99c60,100 < Signature Algorithm: md5WithRSAEncryption < 28:c7:ee:9c:82:02:ba:5c:80:12:ca:35:0a:1d:81:6f:89:6a: < 99:cc:f2:68:0f:7f:a7:e1:8d:58:95:3e:bd:f2:06:c3:90:5a: < ac:b5:60:f6:99:43:01:a3:88:70:9c:9d:62:9d:a4:87:af:67: < 58:0d:30:36:3b:e6:ad:48:d3:cb:74:02:86:71:3e:e2:2b:03: < 68:f1:34:62:40:46:3b:53:ea:28:f4:ac:fb:66:95:53:8a:4d: < 5d:fd:3b:d9:60:d7:ca:79:69:3b:b1:65:92:a6:c6:81:82:5c: < 9c:cd:eb:4d:01:8a:a5:df:11:55:aa:15:ca:1f:37:c0:82:98: < 70:61:db:6a:7c:96:a3:8e:2e:54:3e:4f:21:a9:90:ef:dc:82: < bf:dc:e8:45:ad:4d:90:73:08:3c:94:65:b0:04:99:76:7f:e2: < bc:c2:6a:15:aa:97:04:37:24:d8:1e:94:4e:6d:0e:51:be:d6: < c4:8f:ca:96:6d:f7:43:df:e8:30:65:27:3b:7b:bb:43:43:63: < c4:43:f7:b2:ec:68:cc:e1:19:8e:22:fb:98:e1:7b:5a:3e:01: < 37:3b:8b:08:b0:a2:f3:95:4e:1a:cb:9b:cd:9a:b1:db:b2:70: < f0:2d:4a:db:d8:b0:e3:6f:45:48:33:12:ff:fe:3c:32:2a:54: < f7:c4:f7:8a:f0:88:23:c2:47:fe:64:7a:71:c0:d1:1e:a6:63: < b0:07:7e:a4:2f:d3:01:8f:dc:9f:2b:b6:c6:08:a9:0f:93:48: < 25:fc:12:fd:9f:42:dc:f3:c4:3e:f6:57:b0:d7:dd:69:d1:06: < 77:34:0a:4b:d2:ca:a0:ff:1c:c6:8c:c9:16:be:c4:cc:32:37: < 68:73:5f:08:fb:51:f7:49:53:36:05:0a:95:02:4c:f2:79:1a: < 10:f6:d8:3a:75:9c:f3:1d:f1:a2:0d:70:67:86:1b:b3:16:f5: < 2f:e5:a4:eb:79:86:f9:3d:0b:c2:73:0b:a5:99:ac:6f:fc:67: < b8:e5:2f:0b:a6:18:24:8d:7b:d1:48:35:29:18:40:ac:93:60: < e1:96:86:50:b4:7a:59:d8:8f:21:0b:9f:cf:82:91:c6:3b:bf: < 6b:dc:07:91:b9:97:56:23:aa:b6:6c:94:c6:48:06:3c:e4:ce: < 4e:aa:e4:f6:2f:09:dc:53:6f:2e:fc:74:eb:3a:63:99:c2:a6: < ac:89:bc:a7:b2:44:a0:0d:8a:10:e3:6c:f2:24:cb:fa:9b:9f: < 70:47:2e:de:14:8b:d4:b2:20:09:96:a2:64:f1:24:1c:dc:a1: < 35:9c:15:b2:d4:bc:55:2e:7d:06:f5:9c:0e:55:f4:5a:d6:93: < da:76:ad:25:73:4c:c5:43 --- > X509v3 CRL Distribution Points: > URI:http://crl.cacert.org/revoke.crl > > Netscape CA Revocation Url: > URI:http://crl.cacert.org/revoke.crl > Authority Information Access: > OCSP - URI:http://ocsp.cacert.org > > X509v3 Authority Key Identifier: > keyid:16:B5:32:1B:D4:C7:F3:E0:E6:8E:F3:BD:D2:B0:3A:EE:B2:39:18:D1 > > Signature Algorithm: sha256WithRSAEncryption > 47:9c:d7:b3:a2:17:d3:52:53:b7:b4:6a:dd:bf:9b:35:15:21: > 6c:ef:6f:18:13:20:81:cc:e8:ed:1d:2a:22:1d:64:76:14:ba: > 5b:37:2b:0e:83:ba:3e:4a:6e:46:0d:0b:de:a3:3b:61:00:7a: > a7:0d:95:fa:e6:f3:17:bc:65:e0:2d:07:5a:5b:5f:cc:f4:db: > cc:01:dd:26:d8:da:25:0c:3b:41:a0:65:98:06:29:37:60:8b: > 07:a2:5e:83:ca:bf:d5:7a:60:77:0f:fe:20:fd:46:47:07:60: > ef:15:29:45:e5:00:e3:cd:a5:e0:c1:f5:91:fd:16:d1:a7:7d: > e1:2b:88:7c:d5:90:1d:c7:4b:02:99:a7:a3:f4:94:87:56:e9: > 67:27:96:ac:c9:e5:86:41:8d:0c:a3:31:08:24:17:43:7e:b4: > 4f:01:47:73:c7:5f:10:06:aa:e6:bc:ba:71:9c:e6:d6:87:ad: > ae:44:af:88:4d:aa:a1:fc:6f:bf:55:45:89:0f:bd:4d:7d:ff: > ce:41:02:0a:c5:01:fc:48:cf:33:49:71:14:19:ae:f5:3e:48: > 87:e1:2a:9e:cf:62:be:6a:c4:21:00:ef:f6:d3:72:24:7b:8b: > b0:33:6a:6d:40:5a:97:b3:a8:88:f6:67:5e:4f:4b:1f:ea:9b: > fa:92:df:d6:87:ef:e6:7a:32:e6:f5:f6:6b:93:8a:79:b1:de: > fb:41:31:fc:0e:de:f8:6f:c7:b8:e8:d5:36:a8:59:f6:3e:4d: > 8a:ca:5f:ab:dc:cd:c8:e1:c6:58:3f:28:7e:3f:03:1f:00:79: > d0:bd:57:87:91:fe:11:b2:28:81:af:e1:24:24:27:46:dc:56: > 90:73:fa:f7:d4:f5:26:92:c5:63:06:a9:82:99:62:bc:5e:13: > 16:fe:1f:aa:9d:27:1d:32:82:d7:1f:60:1a:b2:20:be:e6:09: > 97:5b:71:20:a9:b1:5d:d7:c9:ce:0b:1c:33:3a:a9:69:b8:6d: > 1c:e3:17:3a:2c:10:06:95:b3:c8:99:28:7c:5f:f0:e7:97:b4: > 2e:db:59:0c:19:04:b2:29:55:fe:f5:b4:08:9b:0f:b3:77:8d: > 69:01:7e:88:c5:ac:70:63:a4:80:b1:65:5a:c0:12:dc:7c:32: > 89:82:cd:26:8d:ba:6a:ac:96:3d:a2:1d:73:c1:38:72:4e:d2: > 93:4f:16:ac:5a:c7:20:ad:c4:1e:be:27:d4:56:70:98:ba:45: > 02:fb:9c:2a:a8:25:d2:1a:fe:da:3c:a9:ca:1e:69:b8:0d:ca: > 92:c1:c5:dc:2b:14:ce:33:14:bf:3c:4c:87:29:21:f7:3a:cc: > c5:00:07:2c:15:6b:1b:07 signer:/tmp/ram-re-sign# opeenssl x09x509 -in root_256.crt -outform der | openssl dgst -sha256 07edbd824a4988cfef4215da20d48c2b41d71529d7c900f570926f277cc230c5 signer:/tmp/ram-re-sign# ope nsslnssl x509 -in class3.crt -noout -text > old3.text signer:/tmp/ram-re-sign# openssl x509 -in class3.crt -noout -text > old3.text[1@_[1@2[1@5[1@63.textm3.texte3.textw3.text3.text3.text3.textn3.texte3.textw3.text signer:/tmp/ram-re-sign# ddiff nold3 .text new.3.text 4c4 < Serial Number: 672138 (0xa418a) --- > Serial Number: 14 (0xe) 54,58d53 < X509v3 Authority Key Identifier: < keyid:16:B5:32:1B:D4:C7:F3:E0:E6:8E:F3:BD:D2:B0:3A:EE:B2:39:18:D1 < DirName:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org < serial:00 < 72a68,70 > X509v3 Authority Key Identifier: > keyid:16:B5:32:1B:D4:C7:F3:E0:E6:8E:F3:BD:D2:B0:3A:EE:B2:39:18:D1 > 74,102c72,100 < 29:28:85:ae:44:a9:b9:af:a4:79:13:f0:a8:a3:2b:97:60:f3: < 5c:ee:e3:2f:c1:f6:e2:66:a0:11:ae:36:37:3a:76:15:04:53: < ea:42:f5:f9:ea:c0:15:d8:a6:82:d9:e4:61:ae:72:0b:29:5c: < 90:43:e8:41:b2:e1:77:db:02:13:44:78:47:55:af:58:fc:cc: < 98:f6:45:b9:d1:20:f8:d8:21:07:fe:6d:aa:73:d4:b3:c6:07: < e9:09:85:cc:3b:f2:b6:be:2c:1c:25:d5:71:8c:39:b5:2e:ea: < be:18:81:ba:b0:93:b8:0f:e3:e6:d7:26:8c:31:5a:72:03:84: < 52:e6:a6:f5:33:22:45:0a:c8:0b:0d:8a:b8:36:6f:90:09:a1: < ab:bd:d7:d5:4e:2e:71:a2:d4:ae:fa:a7:54:2b:eb:35:8d:5a: < b7:54:88:2f:ee:74:9f:ed:48:16:ca:0d:48:d0:94:d3:ac:a4: < a2:f6:24:df:92:e3:bd:eb:43:40:91:6e:1c:18:8e:56:b4:82: < 12:f3:a9:93:9f:d4:bc:9c:ad:9c:75:ee:5a:97:1b:95:e7:74: < 2d:1c:0f:b0:2c:97:9f:fb:a9:33:39:7a:e7:03:3a:92:8e:22: < f6:8c:0d:e4:d9:7e:0d:76:18:f7:01:f9:ef:96:96:a2:55:73: < c0:3c:71:b4:1d:1a:56:43:b7:c3:0a:8d:72:fc:e2:10:09:0b: < 41:ce:8c:94:a0:f9:03:fd:71:73:4b:8a:57:33:e5:8e:74:7e: < 15:01:00:e6:cc:4a:1c:e7:7f:95:19:2d:c5:a5:0c:8b:bb:b5: < ed:85:b3:5c:d3:df:b8:b9:f2:ca:c7:0d:01:14:ac:70:58:c5: < 8c:8d:33:d4:9d:66:a3:1a:50:95:23:fc:48:e0:06:43:12:d9: < cd:a7:86:39:2f:36:72:a3:80:10:e4:e1:f3:d1:cb:5b:1a:c0: < e4:80:9a:7c:13:73:06:4f:db:a3:6b:24:0a:ba:b3:1c:bc:4a: < 78:bb:e5:e3:75:38:a5:48:a7:a2:1e:af:76:d4:5e:f7:38:86: < 56:5a:89:ce:d6:c3:a7:79:b2:52:a0:c6:f1:85:b4:25:8c:f2: < 3f:96:b3:10:d9:8d:6c:57:3b:9f:6f:86:3a:18:82:22:36:c8: < b0:91:38:db:2a:a1:93:aa:84:3f:f5:27:65:ae:73:d5:c8:d5: < d3:77:ea:4b:9d:c7:41:bb:c7:c0:e3:a0:3f:e4:7d:a4:8d:73: < e6:12:4b:df:a1:73:73:73:3a:80:e8:d5:cb:8e:2f:cb:ea:13: < a7:d6:41:8b:ac:fa:3c:89:d7:24:f5:4e:b4:e0:61:92:b7:f3: < 37:98:c4:be:96:a3:b7:8a --- > 5a:90:16:d0:36:23:56:64:95:89:bc:8f:ac:a4:20:c9:26:8a: > a9:f3:54:e4:40:18:3f:4a:cb:43:c6:9b:76:09:e6:ca:54:a7: > 8c:94:0b:92:68:d6:59:bb:17:97:7b:69:ea:ad:d4:4c:e1:29: > 5b:28:15:8f:dd:19:f4:95:59:27:97:18:db:8f:09:b9:7d:78: > 7a:c8:b0:42:56:b5:ea:eb:5e:b1:26:d0:97:13:be:05:1c:86: > e1:34:05:15:b1:06:bd:da:3c:d0:13:63:84:6d:35:94:d0:3e: > 99:82:18:a1:fa:3f:9c:37:47:85:8a:e0:ee:73:78:82:d4:6b: > 99:31:bf:d9:c3:6d:40:5d:b9:15:c7:36:78:8a:96:8b:d1:84: > 20:b1:2b:75:3f:6d:a2:a5:be:bd:e8:e2:e4:ad:44:5c:b6:06: > 36:70:74:b8:a4:8e:b6:56:94:60:93:02:7f:2f:0d:a7:f8:2f: > 6f:b6:e9:28:cc:c8:6b:94:f4:93:03:43:a1:34:41:a2:1a:9d: > a1:46:95:9a:86:21:be:1c:67:08:61:f0:15:f6:fe:e8:83:77: > 4e:f5:39:d2:d1:70:db:6e:4d:51:a9:73:e9:73:f0:ed:ac:95: > b3:99:93:74:3b:82:88:c7:43:ad:2c:92:56:1b:dc:e9:f4:9a: > c9:c8:ee:94:48:81:58:81:aa:f4:53:c1:c7:1e:84:dc:72:d8: > 7e:f2:f2:62:af:3e:c0:c3:80:e5:0a:e8:e8:db:b3:a8:22:4b: > 20:dc:ec:e0:5f:f0:e4:bd:66:25:d0:9f:04:32:55:e8:1f:48: > 93:bf:7a:9c:ae:84:08:b4:e5:05:b2:08:a5:6e:34:5b:6b:ce: > 90:e6:42:e1:9c:2c:63:75:6d:82:6d:b3:52:a7:cb:e5:66:7d: > 2e:17:17:7c:b2:9c:50:71:7b:34:08:89:f5:f6:eb:dc:40:8a: > 38:67:8b:90:fb:4d:0b:83:dc:48:f5:81:55:f5:2d:8c:6d:26: > a7:94:d5:25:bd:b0:78:52:f1:e4:7a:5d:29:e9:b1:ad:02:6a: > 75:74:90:52:91:93:85:9b:46:7a:7a:4f:86:ef:0e:d1:d5:a4: > e2:7e:31:89:ad:dc:34:df:63:be:54:82:b0:0a:0b:bc:0d:db: > 24:47:4c:34:07:af:32:75:99:f4:01:39:cc:9e:be:44:c6:f7: > 16:91:90:6d:0a:04:1a:d8:db:d2:2a:b7:10:9e:56:aa:a3:d8: > 9c:10:5e:17:7a:f2:3f:55:37:b3:95:bd:4b:8d:83:16:1d:57: > 79:47:a0:b6:a7:8c:13:c9:50:48:33:c8:63:ac:b7:0a:88:28: > 45:e3:71:91:26:d9:de:ef signer:/tmp/ram-re-sign# diff old3.text new3.text openssl x509 -in class3_256.crt -noout -text > new3.text.crt -noout -text > old3.textroot_256.crt -outform der | openssl dgst -sha256 diff old1.txt new1.txt openssl x509 -in root_256.crt -outform der | openssl dgst -sha256 diff old1.txt new1.txt [4@.txtopenssl x509 -in root_256.crt -outform der | openssl dgst -sha256[1@c[1@l[1@a[1@s[1@s[1@3 f6873d70d67596c2acba34401e69738b52701dd6ab06b49749bc55150936d544 signer:/tmp/ram-re-sign# signer:/tmp/ram-re-sign# cp -p root_256.crt class3_256.crt /mnt/ signer:/tmp/ram-re-sign# pcp -po old1.txt new1.txt old3.text new3.text ,/mnt signer:/tmp/ram-re-sign# cp -p root_256.crt /etc/sslC/CA signer:/tmp/ram-re-sign# cp -p class3_256.crt /etc/ssl/class33/ signer:/tmp/ram-re-sign# exit exit Script done on Sat 12 Mar 2016 02:35:42 PM UTC