Skip to content

Instantly share code, notes, and snippets.

@mustafaturan
Created February 28, 2017 00:46
Show Gist options
  • Save mustafaturan/89af9cfc0727f2c70d7dcf489c03aca6 to your computer and use it in GitHub Desktop.
Save mustafaturan/89af9cfc0727f2c70d7dcf489c03aca6 to your computer and use it in GitHub Desktop.
Fetch Certificate From A Web Page
#!/usr/bin/env bash
openssl s_client -connect {hostname}:{port} -showcerts
@mustafaturan
Copy link
Author

Create a self-signed certificate for both client & server

# Create the CA Key and Certificate for signing Client Certs
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

# Create the Server Key, CSR, and Certificate
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr

# Sign Certificate (example valid for 365 days)
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

# Create the Client Key and CSR
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr

# Sign the client certificate with the CA cert
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

Update nginx.conf

  ssl_certificate /opt/nginx/ssl/server.crt;
  ssl_certificate_key /opt/nginx/ssl/server.key;
  ssl_client_certificate /opt/nginx/ssl/ca.crt;
  ssl_verify_client on;
  ssl_session_cache shared:SSL:1m;
  ssl_session_timeout 5m;
  ssl on;

Sample req

curl -v -s -k --key client.key --cert client.crt https://sample.com/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment