Created
February 28, 2017 00:46
Fetch Certificate From A Web Page
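#!/usr/bin/env bash
# Print the certificate chain presented by {hostname}:{port} (replace both placeholders).
#
# -servername sends SNI, so a name-based virtual host returns the certificate for that name.
# </dev/null closes stdin, so s_client exits after the handshake instead of waiting for input.
#
# The output is whatever the remote end presented at fetch time; this command does not
# authenticate it. Compare its fingerprint with one obtained from the server's operator
# before saving it as a trusted CA file.
openssl s_client -connect {hostname}:{port} -servername {hostname} -showcerts </dev/null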
Sample nginx.conf
# Certificate the server presents to clients, and the private key that belongs to it.
ssl_certificate /opt/nginx/ssl/server.crt;
# Keep this file readable only by the account that starts nginx.
ssl_certificate_key /opt/nginx/ssl/server.key;
# Client-certificate (mutual TLS) checks are commented out in this sample,
# so any client can complete the handshake.
#ssl_client_certificate /opt/nginx/ssl/ca.crt;
#ssl_verify_client on;
# TLS session cache shared between worker processes (1 MB), sessions kept for 5 minutes.
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
# NOTE(review): the standalone `ssl` directive is obsolete in newer nginx releases, which
# expect the `ssl` parameter on `listen` instead. Confirm against the deployed version.
ssl on;
Sample HTTPoison.post request
# POST over TLS; the hackney `:ssl_options` are built by ssl_opts/0.
HTTPoison.post!("#{@base_url}#{uri}", params, headers, hackney: ssl_opts())
# to disable 'server_name_indication' add the following line to your ssl_options
# {:server_name_indication, :disable}
# NOTE(review): in Erlang's :ssl, `:disable` also switches off the hostname check on the
# server certificate. Prefer issuing the certificate for the name the client connects to,
# and treat this option as a test-only workaround.
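# Builds the hackney options for the TLS connection.
#
# Returns a keyword list with a single `:ssl_options` entry:
#   * `:cacertfile` - PEM file holding the CA (or pinned server) certificate to trust.
#   * `:verify`     - `:verify_peer`, so the handshake fails when the server certificate
#                     does not chain to `:cacertfile`.
#
# Why `:verify` is explicit: custom `:ssl_options` can replace hackney's built-in TLS
# defaults (depending on the hackney version), and Erlang's :ssl client has historically
# defaulted to `:verify_none`. With `:cacertfile` alone the certificate may never be
# checked, which leaves the connection open to interception.
defp ssl_opts do
  [ssl_options: [cacertfile: "server.pem", verify: :verify_peer]]
end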
Create a self-signed certificate for both client & server
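# Create the CA key and certificate that sign both the server and the client certificates.
# The CA key is passphrase-protected with AES-256; keep it off the web server, because
# whoever holds it can mint certificates that nginx and the clients will accept.
openssl genrsa -aes256 -out ca.key 4096
openssl req -new -x509 -sha256 -days 365 -key ca.key -out ca.crt

# Create the server key, CSR, and certificate.
# 2048-bit RSA: 1024-bit keys are below current minimums and many TLS libraries reject them.
# server.key is passphrase-protected, so nginx needs the passphrase at start-up
# (see the ssl_password_file directive) or a decrypted copy with restrictive permissions.
openssl genrsa -aes256 -out server.key 2048
# Use the host name clients will connect to as the certificate's name; clients that verify
# host names usually also need a subjectAltName, which can be supplied with -extfile when signing.
openssl req -new -key server.key -out server.csr
# Sign the server certificate (example valid for 365 days).
openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

# Create the client key and CSR.
openssl genrsa -aes256 -out client.key 2048
openssl req -new -key client.key -out client.csr
# Sign the client certificate with the CA cert.
# Serial 02, not 01: serial numbers must be unique per issuing CA, and some TLS clients
# refuse two certificates from one issuer that share a serial.
openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt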
Update nginx.conf
# Certificate the server presents to clients, and the private key that belongs to it.
ssl_certificate /opt/nginx/ssl/server.crt;
# Keep this file readable only by the account that starts nginx.
ssl_certificate_key /opt/nginx/ssl/server.key;
# CA certificate used to verify client certificates during the handshake.
ssl_client_certificate /opt/nginx/ssl/ca.crt;
# Require a client certificate that chains to the CA above.
# NOTE(review): every certificate signed by this CA passes, and the same CA also signs the
# server certificate. If only specific clients should get in, add a check on the
# certificate subject (for example via $ssl_client_s_dn) or use a CA dedicated to clients.
ssl_verify_client on;
# TLS session cache shared between worker processes (1 MB), sessions kept for 5 minutes.
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
# NOTE(review): the standalone `ssl` directive is obsolete in newer nginx releases, which
# expect the `ssl` parameter on `listen` instead. Confirm against the deployed version.
ssl on;
Sample req
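# Present the client certificate and verify the server against ca.crt.
# -k is dropped because it skips server verification, which would leave the client key and
# request exposed to whoever answers the connection. The host name in the URL must match
# the name in server.crt.
curl -v -s --cacert ca.crt --key client.key --cert client.crt https://sample.com/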
Create a self signed certificate