@mustafaturan
Created February 28, 2017 00:46
Fetch Certificate From A Web Page
#!/usr/bin/env bash
# Usage: pass the hostname and port as arguments; prints the certificate chain the server sends
openssl s_client -connect "$1:$2" -showcerts </dev/null
@mustafaturan

Create a self-signed certificate

# Create private server key
openssl genrsa -des3 -out server.key 2048

# Create a certificate signing request (CSR)
openssl req -new -key server.key -out server.csr

# Remove pass phrase
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

# Sign Certificate (example valid for 365 days)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

@mustafaturan

Sample nginx.conf

  ssl_certificate /opt/nginx/ssl/server.crt;
  ssl_certificate_key /opt/nginx/ssl/server.key;
  #ssl_client_certificate /opt/nginx/ssl/ca.crt;
  #ssl_verify_client on;
  ssl_session_cache shared:SSL:1m;
  ssl_session_timeout 5m;
  ssl on; # obsolete since nginx 1.15.0; use the ssl parameter of the listen directive instead

@mustafaturan

mustafaturan commented Feb 28, 2017

Sample HTTPoison.post request

  HTTPoison.post!("#{@base_url}#{uri}", params, headers, hackney: ssl_opts())

  # to disable 'server_name_indication' add the following line to your ssl_options
  # {:server_name_indication, :disable}
  defp ssl_opts do
    [{:ssl_options, [{:cacertfile, "server.pem"}]}]
  end

@mustafaturan

Create a self-signed certificate for both client & server

# Create the CA Key and Certificate for signing Client Certs
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

# Create the Server Key, CSR, and Certificate
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr

# Sign Certificate (example valid for 365 days)
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

# Create the Client Key and CSR
openssl genrsa -des3 -out client.key 2048
openssl req -new -key client.key -out client.csr

# Sign the client certificate with the CA cert (the serial must differ from the server certificate's)
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt

Update nginx.conf

  ssl_certificate /opt/nginx/ssl/server.crt;
  ssl_certificate_key /opt/nginx/ssl/server.key;
  ssl_client_certificate /opt/nginx/ssl/ca.crt;
  ssl_verify_client on;
  ssl_session_cache shared:SSL:1m;
  ssl_session_timeout 5m;
  ssl on; # obsolete since nginx 1.15.0; use the ssl parameter of the listen directive instead

Sample req

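# -k skips verification of the server certificate; pass --cacert ca.crt instead to check it against the CA created above
curl -v -s -k --key client.key --cert client.crt https://sample.com/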
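
The CA, server and client steps from the comment above as one unattended script, followed by an `openssl verify` check of the result. This is an added example, not the gist author's code: the function names, the CA subject and `client1` are assumptions, and it adds a subjectAltName and an extendedKeyUsage to each leaf certificate.

```sh
#!/bin/sh
# Added example, not the gist author's code. Assumed names: issue_leaf,
# make_mtls_certs, check_mtls_certs, "Example Test CA", "client1".
# Keys are left unencrypted so the run is unattended.

# issue_leaf NAME SUBJECT SERIAL EXTENSIONS: key, CSR and CA-signed certificate
issue_leaf() {
  openssl genrsa -out "$1.key" 2048 2>/dev/null &&
  openssl req -new -key "$1.key" -subj "$2" -out "$1.csr" &&
  printf '%s\n' "$4" > "$1.ext" &&
  openssl x509 -req -days 365 -in "$1.csr" -CA ca.crt -CAkey ca.key \
    -set_serial "$3" -extfile "$1.ext" -out "$1.crt" 2>/dev/null
}

# make_mtls_certs DIR HOST: write CA, server and client material into DIR
make_mtls_certs() (
  umask 077  # private keys readable by their owner only
  mkdir -p "$1" && cd "$1" || exit 1
  openssl genrsa -out ca.key 4096 2>/dev/null &&
  openssl req -new -x509 -days 365 -key ca.key \
    -subj "/CN=Example Test CA" -out ca.crt &&
  # The server gets a subjectAltName (clients match on it, not on CN) and a
  # server-only extended key usage; each certificate gets its own serial.
  issue_leaf server "/CN=$2" 01 "subjectAltName=DNS:$2
extendedKeyUsage=serverAuth" &&
  issue_leaf client "/CN=client1" 02 "extendedKeyUsage=clientAuth"
)

# check_mtls_certs DIR HOST: succeed only if the issued set is usable for mTLS
check_mtls_certs() (
  cd "$1" || exit 1
  # server.crt chains to the CA, is valid for HOST and for server use
  openssl verify -CAfile ca.crt -purpose sslserver -verify_hostname "$2" \
    server.crt >/dev/null 2>&1 &&
  # client.crt chains to the CA and is valid for client use
  openssl verify -CAfile ca.crt -purpose sslclient client.crt >/dev/null 2>&1 &&
  # a client certificate must not be accepted in the server role
  ! openssl verify -CAfile ca.crt -purpose sslserver client.crt >/dev/null 2>&1 &&
  # serial numbers must be unique under one issuer
  [ "$(openssl x509 -noout -serial -in server.crt)" != \
    "$(openssl x509 -noout -serial -in client.crt)" ]
)

# Usage: make_mtls_certs ./ssl sample.com && check_mtls_certs ./ssl sample.com
```

With certificates issued this way, the curl request can replace `-k` with `--cacert ca.crt`, since the server certificate carries the requested hostname in its subjectAltName.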
