tachtler:apache_http_server_centos_7_-_mod_ssl_-_verschluesselung_https
Differences
This shows the differences between two versions of the page.
tachtler:apache_http_server_centos_7_-_mod_ssl_-_verschluesselung_https [2014/11/26 16:32] – [Include ROOT-CRT] klaus | tachtler:apache_http_server_centos_7_-_mod_ssl_-_verschluesselung_https [2018/06/25 12:55] (current) – [/etc/httpd/conf.d/ssl.conf] klaus | ||
---|---|---|---|
Zeile 274: | Zeile 274: | ||
# Tachtler | # Tachtler | ||
# default: SSLProtocol all -SSLv2 | # default: SSLProtocol all -SSLv2 | ||
- | SSLProtocol | + | SSLProtocol all -SSLv2 -SSLv3 |
# SSL Cipher Suite: | # SSL Cipher Suite: | ||
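Review bot: the new value "SSLProtocol all -SSLv2 -SSLv3" at line 274 still leaves TLSv1 and TLSv1.1 enabled, because "all" only has the two SSL versions subtracted from it. For a revision dated 2018, consider an allow-list such as "SSLProtocol -all +TLSv1.2" instead of a deny-list, and adjust the comment above the directive so it states which protocols remain enabled.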
Zeile 281: | Zeile 281: | ||
# Tachtler | # Tachtler | ||
# default: SSLCipherSuite HIGH: | # default: SSLCipherSuite HIGH: | ||
- | SSLCipherSuite | + | SSLCipherSuite |
# | # | ||
Zeile 446: | Zeile 446: | ||
# Tachtler | # Tachtler | ||
# default: SSLProtocol all -SSLv2 | # default: SSLProtocol all -SSLv2 | ||
- | SSLProtocol | + | SSLProtocol all -SSLv2 -SSLv3 |
</ | </ | ||
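Review bot: the SSLProtocol line at line 446 repeats by hand the value already set at line 274, so the two occurrences can drift apart on the next edit. Say in the surrounding text that both must be changed together, or set the directive in one place only.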
Zeile 458: | Zeile 458: | ||
# Tachtler | # Tachtler | ||
# default: SSLCipherSuite HIGH: | # default: SSLCipherSuite HIGH: | ||
- | SSLCipherSuite | + | SSLCipherSuite |
</ | </ | ||
Zeile 857: | Zeile 857: | ||
je nach Betriebssystem und Browser **entsprechend** importiert werden. | je nach Betriebssystem und Browser **entsprechend** importiert werden. | ||
- | Nachfolgend wird am Browser [[https:// | + | Nachfolgend wird am Browser [[https:// |
**Ausgehend davon, das die ROOT-Zeritifkate bereits heruntergeladen wurden** und hier als Beispiel im Verzeichnis - **''/ | **Ausgehend davon, das die ROOT-Zeritifkate bereits heruntergeladen wurden** und hier als Beispiel im Verzeichnis - **''/ | ||
Zeile 1154: | Zeile 1154: | ||
* ''/ | * ''/ | ||
* ''/ | * ''/ | ||
- | * ''/ | ||
noch wie folgt gesetzte werden: | noch wie folgt gesetzte werden: | ||
Zeile 1170: | Zeile 1169: | ||
< | < | ||
# chmod 400 / | # chmod 400 / | ||
- | </ | ||
- | |||
- | Die **Datei**rechte für ''/ | ||
- | < | ||
- | # chmod 400 / | ||
</ | </ | ||
Zeile 1223: | Zeile 1217: | ||
# default: # | # default: # | ||
SSLCertificateChainFile / | SSLCertificateChainFile / | ||
- | |||
- | # | ||
- | # Set the CA certificate verification path where to find CA | ||
- | # | ||
- | # huge file containing all of them (file must be PEM encoded) | ||
- | # Tachtler | ||
- | # default: # | ||
- | SSLCACertificateFile / | ||
... | ... | ||
</ | </ | ||
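Review bot: the SSLCACertificateFile block removed at line 1223 disappears without any explanation in the text, while SSLCertificateChainFile stays. SSLCACertificateFile supplies the CA certificates used to verify client certificates, so dropping it is right for a server that does no client authentication; add one sentence saying so, so that readers who do verify client certificates know they still need the directive.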
Zeile 1244: | Zeile 1230: | ||
:!: **HINWEIS** - In vorangestelltem Bild ist zu erkennen, dass der Aufruf der Seite [[https:// | :!: **HINWEIS** - In vorangestelltem Bild ist zu erkennen, dass der Aufruf der Seite [[https:// | ||
+ | ===== Openssl-Befehle ===== | ||
+ | |||
+ | Nachfolgende Befehle dienen zur Abfrage eines Zertifikats via **'' | ||
+ | |||
+ | ==== Zertifikat: Dateisystem ==== | ||
+ | |||
+ | Nachfolgende Abfrage ermittelt die Zertifikatsdaten aus dem einlesen des Zertifikats aus dem Dateisystem, | ||
+ | < | ||
+ | # openssl x509 -noout -text -in / | ||
+ | Certificate: | ||
+ | Data: | ||
+ | Version: 3 (0x2) | ||
+ | Serial Number: | ||
+ | 03: | ||
+ | Signature Algorithm: sha256WithRSAEncryption | ||
+ | Issuer: C=US, O=Let' | ||
+ | Validity | ||
+ | Not Before: Feb 12 05:54:00 2018 GMT | ||
+ | Not After : May 13 05:54:00 2018 GMT | ||
+ | Subject: CN=tachtler.net | ||
+ | Subject Public Key Info: | ||
+ | Public Key Algorithm: rsaEncryption | ||
+ | Public-Key: (4096 bit) | ||
+ | Modulus: | ||
+ | 00: | ||
+ | 10: | ||
+ | 7c: | ||
+ | 0b: | ||
+ | 29: | ||
+ | 8f: | ||
+ | 7d: | ||
+ | a7: | ||
+ | e7: | ||
+ | a9: | ||
+ | dd: | ||
+ | 41: | ||
+ | 73: | ||
+ | 91: | ||
+ | 83: | ||
+ | 10: | ||
+ | fc: | ||
+ | d4: | ||
+ | 46: | ||
+ | 03: | ||
+ | 2c: | ||
+ | ab: | ||
+ | 16: | ||
+ | 48: | ||
+ | bb: | ||
+ | 9f: | ||
+ | 91: | ||
+ | e7: | ||
+ | ea: | ||
+ | 54: | ||
+ | db: | ||
+ | 4a: | ||
+ | 6e: | ||
+ | 36: | ||
+ | 95:bf:97 | ||
+ | Exponent: 65537 (0x10001) | ||
+ | X509v3 extensions: | ||
+ | X509v3 Key Usage: critical | ||
+ | Digital Signature, Key Encipherment | ||
+ | X509v3 Extended Key Usage: | ||
+ | TLS Web Server Authentication, | ||
+ | X509v3 Basic Constraints: | ||
+ | CA:FALSE | ||
+ | X509v3 Subject Key Identifier: | ||
+ | A9: | ||
+ | X509v3 Authority Key Identifier: | ||
+ | keyid: | ||
+ | |||
+ | Authority Information Access: | ||
+ | OCSP - URI: | ||
+ | CA Issuers - URI: | ||
+ | |||
+ | X509v3 Subject Alternative Name: | ||
+ | DNS: | ||
+ | DNS: | ||
+ | DNS: | ||
+ | DNS: | ||
+ | DNS: | ||
+ | DNS: | ||
+ | classicui.tachtler.net, | ||
+ | DNS: | ||
+ | DNS: | ||
+ | DNS: | ||
+ | DNS: | ||
+ | DNS: | ||
+ | DNS: | ||
+ | DNS: | ||
+ | X509v3 Certificate Policies: | ||
+ | Policy: 2.23.140.1.2.1 | ||
+ | Policy: 1.3.6.1.4.1.44947.1.1.1 | ||
+ | CPS: http:// | ||
+ | User Notice: | ||
+ | Explicit Text: This Certificate may only be relied upon by Relying Parties and only in | ||
+ | accordance with the Certificate Policy found at https:// | ||
+ | |||
+ | Signature Algorithm: sha256WithRSAEncryption | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | </ | ||
+ | |||
+ | ==== Zertifikat: HTTPS-Abfrage ==== | ||
+ | |||
+ | Nachfolgende Abfrage ermittelt das Zertifikat aus dem einlesen des Zertifikats aus eine HTTPS-Anfrage an den Server: | ||
+ | < | ||
+ | # openssl s_client -showcerts -servername www.tachtler.net -connect 88.217.171.167: | ||
+ | CONNECTED(00000003) | ||
+ | --- | ||
+ | Certificate chain | ||
+ | 0 s:/ | ||
+ | | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | MIIKdTCCCV2gAwIBAgISA5wjYH8g820jFJtTOyQ8NnS1MA0GCSqGSIb3DQEBCwUA | ||
+ | MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD | ||
+ | ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzEyMDUwNDA2MDZaFw0x | ||
+ | ODAzMDUwNDA2MDZaMBcxFTATBgNVBAMTDHRhY2h0bGVyLm5ldDCCAiIwDQYJKoZI | ||
+ | hvcNAQEBBQADggIPADCCAgoCggIBALH7TynGtBgtEIq/ | ||
+ | vmpkI9hGi4XTcQKzr4pgWoRuGnu9l6mPuw3eVKV9/ | ||
+ | P4lIDug+mLEeVSTxXKmVATlJdYiO/ | ||
+ | 3ja0ORv5NLK0d1DOEGDO9dGsil8TUe8RxTob8ndjeOGVyx0ui9iS4+uxV5ulyibm | ||
+ | Mt/ | ||
+ | N3D4IYKWYpsLrHhIp4cKoEIXBRTlklXG+VwQXocVbSoilL3FGaUzeaRseZrS0lI9 | ||
+ | kK4M8oGpBP81YztXdAkSEma4UuxtS+yjedWFSA908G46vVWnzVLdZCqtYy94xHmV | ||
+ | LpkEZMQOdUwjy+firH8mJDK06cn1CX20KqUoMN3v48wgFBS1IJWvw91H090VgJHt | ||
+ | s2iJSAXwfmU9pduALoAoXAP9PQPhoeK+X+rmikNqFbUbMgUzq2QqtDvuq7lnan1b | ||
+ | GOPFMTh0PHbXFtDHguvK6Ln9zM8YDlZ2EkVdHaIqzwLpwTOyrapNXAYoJb0Red6m | ||
+ | aziVzU99AwZTCbMENHEwu1X4Lkf3jP3mNUz4yguWjCI5XaeriuMOmeDfLkM3yWk3 | ||
+ | 1Ozs8SGFAgMBAAGjggaGMIIGgjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI | ||
+ | KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/ | ||
+ | hTaHrXSLpNNIVmzsh4GeMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/ | ||
+ | MG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgz | ||
+ | LmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgz | ||
+ | LmxldHNlbmNyeXB0Lm9yZy8wggSPBgNVHREEggSGMIIEgoIYYXBhY2hlNzAwNDAu | ||
+ | dGFjaHRsZXIubmV0ghhhcGFjaGU3MDA1MC50YWNodGxlci5uZXSCGGFwYWNoZTcw | ||
+ | MDYwLnRhY2h0bGVyLm5ldIIYYXBhY2hlNzAwOTAudGFjaHRsZXIubmV0ghhhcGFj | ||
+ | aGU3MDEwMC50YWNodGxlci5uZXSCGGFwYWNoZTcwMTEwLnRhY2h0bGVyLm5ldIIZ | ||
+ | YXdzdGF0czcwMDYwLnRhY2h0bGVyLm5ldIIZYXdzdGF0czcwMDkwLnRhY2h0bGVy | ||
+ | Lm5ldIISYnVlcm8udGFjaHRsZXIubmV0ghlkbWFyY3JlcG9ydHMudGFjaHRsZXIu | ||
+ | bmV0ghVkb2t1d2lraS50YWNodGxlci5uZXSCGmUybG9nYW5hbHl6ZXIudGFjaHRs | ||
+ | ZXIubmV0gh9lbGFzdGljc2VhcmNoNzAxMTAudGFjaHRsZXIubmV0ghVmYWlsMm1h | ||
+ | cC50YWNodGxlci5uZXSCE2dpdGxhYi50YWNodGxlci5uZXSCFWdyYXBoaXRlLnRh | ||
+ | Y2h0bGVyLm5ldIIUZ3JheWxvZy50YWNodGxlci5uZXSCFWhvbWVwYWdlLnRhY2h0 | ||
+ | bGVyLm5ldIIdaWNpbmdhLWNsYXNzaWN1aS50YWNodGxlci5uZXSCG2ljaW5nYS1k | ||
+ | YXNoaW5nLnRhY2h0bGVyLm5ldIITaWNpbmdhLnRhY2h0bGVyLm5ldIIUaW5zdGFs | ||
+ | bC50YWNodGxlci5uZXSCEWlwbWkudGFjaHRsZXIubmV0ghZtYWlsZ3JhcGgudGFj | ||
+ | aHRsZXIubmV0ghhteXNxbGR1bXBlci50YWNodGxlci5uZXSCF251dGNoNzAxMDAu | ||
+ | dGFjaHRsZXIubmV0ghlwaHBsZGFwYWRtaW4udGFjaHRsZXIubmV0ghdwaHBteWFk | ||
+ | bWluLnRhY2h0bGVyLm5ldIIZcG9zdGZpeGFkbWluLnRhY2h0bGVyLm5ldIIScHJv | ||
+ | eHkudGFjaHRsZXIubmV0ghpwc2lwcm9iZTcwMTAwLnRhY2h0bGVyLm5ldIIVcmVj | ||
+ | ZWl2ZXIudGFjaHRsZXIubmV0ghdyZXBvc2l0b3J5LnRhY2h0bGVyLm5ldIIWcm91 | ||
+ | dGVyLWRnLnRhY2h0bGVyLm5ldIITcm91dGVyLnRhY2h0bGVyLm5ldIIWc29scjcw | ||
+ | MTAwLnRhY2h0bGVyLm5ldIISc3F1aWQudGFjaHRsZXIubmV0ghpzcXVpZGFuYWx5 | ||
+ | emVyLnRhY2h0bGVyLm5ldIITc3dpdGNoLnRhY2h0bGVyLm5ldIIMdGFjaHRsZXIu | ||
+ | bmV0ghh0b21jYXQ3MDEwMC50YWNodGxlci5uZXSCEHVzdi50YWNodGxlci5uZXSC | ||
+ | E3dlYmNhbS50YWNodGxlci5uZXSCGXdlYmNhbWFyY2hpdi50YWNodGxlci5uZXSC | ||
+ | E3dlYmRhdi50YWNodGxlci5uZXSCEXdwYWQudGFjaHRsZXIubmV0ghl3d3cuZG9r | ||
+ | dXdpa2kudGFjaHRsZXIubmV0ghB3d3cudGFjaHRsZXIubmV0MIH+BgNVHSAEgfYw | ||
+ | gfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0 | ||
+ | cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBD | ||
+ | ZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBh | ||
+ | cnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0 | ||
+ | ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3Np | ||
+ | dG9yeS8wDQYJKoZIhvcNAQELBQADggEBAEqckfys6nPVZDKBZADy6tEZuQ3gaFka | ||
+ | tgy61UjLbtzqag+ILmfN1zAbqZnk67MXf3sCD66kNFfGiW+DCvXjVdI6uee35cMd | ||
+ | f+6xv4NvwTiESsb/ | ||
+ | 6xYMXvChAOGvmm9Y5NUqhX1A0w+At6xPcTkqgXsXnUKDlF03vT9ZBAZm62aa0Ria | ||
+ | Upluz9ww+ci2TIOfrJUh4qxWWirRGp3Ca5Ck7Z+BK3n+ao0T7EdKi8zMhis0iQb0 | ||
+ | HCxaA5xzeWdtYAqjJ8EO5p1JF7AsHB1KFmPHN868jKQTnrV9WKwUwcA= | ||
+ | -----END CERTIFICATE----- | ||
+ | 1 s:/ | ||
+ | | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ | ||
+ | MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | ||
+ | DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow | ||
+ | SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT | ||
+ | GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC | ||
+ | AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF | ||
+ | q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/ | ||
+ | SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 | ||
+ | Z8h/ | ||
+ | a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/ | ||
+ | / | ||
+ | AQH/ | ||
+ | CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv | ||
+ | bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k | ||
+ | c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/ | ||
+ | VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC | ||
+ | ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz | ||
+ | MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu | ||
+ | Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF | ||
+ | AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo | ||
+ | uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/ | ||
+ | wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/ | ||
+ | X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG | ||
+ | PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 | ||
+ | KOqkqm57TH2H3eDJAkSnh6/ | ||
+ | -----END CERTIFICATE----- | ||
+ | --- | ||
+ | Server certificate | ||
+ | subject=/ | ||
+ | issuer=/ | ||
+ | --- | ||
+ | No client certificate CA names sent | ||
+ | Peer signing digest: SHA512 | ||
+ | Server Temp Key: ECDH, P-256, 256 bits | ||
+ | --- | ||
+ | SSL handshake has read 4865 bytes and written 472 bytes | ||
+ | --- | ||
+ | New, TLSv1/ | ||
+ | Server public key is 4096 bit | ||
+ | Secure Renegotiation IS supported | ||
+ | Compression: | ||
+ | Expansion: NONE | ||
+ | No ALPN negotiated | ||
+ | SSL-Session: | ||
+ | Protocol | ||
+ | Cipher | ||
+ | Session-ID: 88F3392BAAC750BD03300E556330F57852D08FC9D8AEADC83EF0A32DF695BE27 | ||
+ | Session-ID-ctx: | ||
+ | Master-Key: | ||
+ | B84D456A824306D78D6AA6F0208A8D7C45FDE31EB024E9BD92FA9A66C00EBE94444F147559806F7566F62E850E80FB9A | ||
+ | Key-Arg | ||
+ | Krb5 Principal: None | ||
+ | PSK identity: None | ||
+ | PSK identity hint: None | ||
+ | TLS session ticket lifetime hint: 300 (seconds) | ||
+ | TLS session ticket: | ||
+ | 0000 - c9 1a 36 03 88 60 ab 46-a0 cb fc fc 09 f7 ac d1 | ||
+ | 0010 - 9c 71 dd cc 22 02 4b 5b-55 1f 85 b5 cc 4b 80 4a | ||
+ | 0020 - 99 4b d9 ab ea 2d c7 f2-2e bb 5b 6b 88 ce 5e d2 | ||
+ | 0030 - d6 95 88 b6 dd e3 62 a4-1e 2a f1 b1 8e 92 27 f8 | ||
+ | 0040 - 22 48 ff 4b f0 e4 7e d2-49 0d 92 87 18 b7 c4 2d " | ||
+ | 0050 - e5 0a 89 81 c0 58 3e b4-a1 68 f0 6c 45 06 b6 0b | ||
+ | 0060 - 76 2b de 46 86 5c 13 fb-48 dc 83 44 e1 a6 b4 cc | ||
+ | 0070 - 57 ef 26 37 bb 25 0e eb-81 9f 83 9f 4c 03 1a fe | ||
+ | 0080 - 22 f9 75 65 9f 9e 64 90-0f 51 f1 8d 19 89 4e 98 " | ||
+ | 0090 - c9 d7 a8 44 7e 25 6a 45-bd a7 55 39 54 69 ee 81 | ||
+ | 00a0 - cb 51 58 6a 47 00 10 52-62 0c 02 23 07 1b 67 44 | ||
+ | 00b0 - 33 b8 1a 31 01 45 07 ba-5f b7 95 5a 18 12 b6 53 | ||
+ | 00c0 - 55 1d ea 5e 1b 96 49 f1-fd 5e 25 d7 27 7b f2 fe | ||
+ | 00d0 - 4b fb 2b d8 16 13 65 8d-a1 10 7b ad 20 d0 62 bf | ||
+ | |||
+ | Start Time: 1518420083 | ||
+ | Timeout | ||
+ | Verify return code: 0 (ok) | ||
+ | --- | ||
+ | </ | ||
+ | |||
+ | :!: **HINWEIS** - Abschließend kann die **[Return/ | ||
+ | |||
+ | ==== Zertifikat: HTTPS-Abfrage - Zertifikatslaufzeit ==== | ||
+ | |||
+ | Nachfolgende Abfrage ermittelt das **Ausstellungs-** und **Ablaufdatum** aus dem einlesen des Zertifikats aus eine HTTPS-Anfrage an den Server: | ||
+ | < | ||
+ | # openssl s_client -showcerts -servername www.tachtler.net -connect 88.217.171.167: | ||
+ | notBefore=Dec | ||
+ | notAfter=Mar | ||
+ | |||
+ | </ | ||
+ | :!: **HINWEIS** - Abschließend kann die **[Return/ |
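Review bot: the s_client output added under "Zertifikat: HTTPS-Abfrage" publishes the Session-ID, the Master-Key and the complete TLS session ticket of a real connection to the server. Replace those values with a placeholder or cut the SSL-Session block; the certificate chain and "Verify return code: 0 (ok)" are what the section is about. The two HINWEIS lines about pressing Return could also be dropped by giving s_client an empty stdin (for example </dev/null), which makes the commands usable in scripts.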
tachtler/apache_http_server_centos_7_-_mod_ssl_-_verschluesselung_https.1417015969.txt.gz · Last modified: 2014/11/26 16:32 by klaus