
@nodemvc
Last active December 5, 2023 02:20

Root CA Private Key

Generate the root certificate authority (CA) private key:

openssl genrsa -out rootCA.key 2048

Root CA Cert

openssl req does the following:

This command primarily creates and processes certificate requests (CSRs) in PKCS#10 format. It can additionally create self-signed certificates for use as root CAs for example.

This command creates the root CA cert

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 365 -out rootCA.pem

Device Private Key

Generate the device private key:

openssl genrsa -out device.key 2048

Device CSR (cert signing request)

Then, generate a certificate signing request.

openssl req -new -key device.key -out device.csr

note: I used localhost for common name and it worked fine

note: challenge password = 3579640978

Device Certificate

Sign the CSR with the root CA private key (-CAkey rootCA.key in the command below). The CSR itself has already been signed with the device private key.

openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 364 -sha256
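
The steps above as a non-interactive script with verification checks, added here as an example and not part of the original gist. The function names, the -subj values, the san.ext file and the SAN list are assumptions chosen for illustration; the SAN is added because verifiers that ignore the common name need the host name in subjectAltName.

```shell
#!/bin/sh
# Added example: the gist's openssl steps without prompts, plus checks.
# Subject names and the SAN list are constructed sample values.

# build_chain DIR: create rootCA.{key,pem} and device.{key,csr,crt} in DIR.
build_chain() {
    dir=$1
    mkdir -p "$dir" || return 1
    openssl genrsa -out "$dir/rootCA.key" 2048 2>/dev/null || return 1
    openssl req -x509 -new -nodes -key "$dir/rootCA.key" -sha256 -days 365 \
        -subj "/CN=Example Test Root CA" -out "$dir/rootCA.pem" || return 1
    openssl genrsa -out "$dir/device.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/device.key" -subj "/CN=localhost" \
        -out "$dir/device.csr" || return 1
    # By default x509 -req does not copy extensions from the CSR, so the
    # SAN is supplied at signing time through an extension file.
    printf 'subjectAltName=DNS:localhost,IP:127.0.0.1\n' > "$dir/san.ext"
    openssl x509 -req -in "$dir/device.csr" -CA "$dir/rootCA.pem" \
        -CAkey "$dir/rootCA.key" -CAcreateserial -extfile "$dir/san.ext" \
        -out "$dir/device.crt" -days 364 -sha256 2>/dev/null
}

# chain_ok CA_DIR CERT HOST: 0 if CERT chains to CA_DIR's root and names HOST.
chain_ok() {
    openssl verify -CAfile "$1/rootCA.pem" -verify_hostname "$3" "$2" \
        >/dev/null 2>&1
}

# key_matches DIR: 0 if device.crt carries the public key of device.key.
key_matches() {
    cert_pub=$(openssl x509 -in "$1/device.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/device.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}
```

Run build_chain on a scratch directory, then chain_ok DIR DIR/device.crt localhost and key_matches DIR; a non-zero status from either means the client script further down would reject the server.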

referenced

https://gist.github.com/marshalhayes/ca9508f97d673b6fb73ba64a67b76ce8

https://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/

# TLS client: trusts only the root CA certificate and verifies the server as "localhost".
import socket
import ssl
from time import sleep

CERT_FILE = '/Users/qle/certificate/rootCA.pem'  # root CA cert used as the trust anchor
HOST = "127.0.0.1"
PORT = 60002
SERVER_HOST = "localhost"
SERVER_PORT = 60000

client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

# PROTOCOL_TLS_CLIENT turns on certificate verification and hostname checking by default.
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.load_verify_locations(CERT_FILE)
client = context.wrap_socket(sock=client, server_side=False, server_hostname=SERVER_HOST)

if __name__ == "__main__":
    client.bind((HOST, PORT))  # fixed local source port
    client.connect((SERVER_HOST, SERVER_PORT))  # the TLS handshake runs during connect
    while True:
        client.send("Hello World!".encode("utf-8"))
        sleep(1)

# TLS server: presents the device certificate signed by the root CA.
import socket
import ssl

KEY_FILE = '/Users/qle/certificate/device.key'
CERT_FILE = '/Users/qle/certificate/device.crt'
HOST = "127.0.0.1"
PORT = 60000

server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain(
    certfile=CERT_FILE,
    keyfile=KEY_FILE
)
# Wrapping the listening socket makes accept() return TLS-wrapped connections.
server = context.wrap_socket(sock=server, server_side=True)

if __name__ == "__main__":
    server.bind((HOST, PORT))
    server.listen(0)
    while True:
        connection, client_address = server.accept()
        while True:
            data = connection.recv(1024)
            if not data:
                break
            print(f"Received: {data.decode('utf-8')}")
        connection.close()  # release the socket once the peer disconnects