Created
October 27, 2014 02:33
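#!/bin/bash
#
# Build a small private PKI for mutually authenticated TLS:
#   ca.key / ca.crt          - self-signed Certifying Authority (CA)
#   server.key / server.crt  - server key pair, signed by the CA
#   client.key / client.crt  - client key pair, signed by the CA
#   client.pem               - client cert + client key in one file
#
# The openssl req steps are interactive (they ask for the subject fields).
#
# example: http://svn.red-bean.com/repos/main/3bits/servercert_3bits.txt

# Stop at the first failing step so a later step never signs with, or
# bundles, a missing or half-written file.
set -euo pipefail

# Private keys are written unencrypted; keep every generated file
# readable by the owner only.
umask 077

# Validity period (days) used for the CA and for the certs it signs.
DAYS=3650

# RSA key sizes. A 1024-bit CA key is too weak to anchor trust, and the
# genrsa default size depends on the OpenSSL version, so set both here.
CA_BITS=4096
LEAF_BITS=2048


# 1 Create a Certifying Authority (CA) keypair.
#   ca.crt / ca.key

# a. generate key
openssl genrsa -out ca.key "$CA_BITS"

# b. create CA cert, valid for the next $DAYS days
#    all questions can be left blank.
#    -sha256: do not rely on the default digest of an old OpenSSL build.
openssl req -new -key ca.key -x509 -sha256 -days "$DAYS" -out ca.crt


# 2 Create CA-Signed Server Cert

# a. generate key for the server itself
openssl genrsa -out server.key "$LEAF_BITS"

# b. create CSR for server.key
openssl req -new -sha256 -key server.key -out server.csr
#
# [answer questions...]
# Common Name:  <-- this MUST be the fully qualified domain name.
# NOTE(review): many TLS clients match the host name against the
# subjectAltName extension rather than the Common Name; this script
# does not add one.

# c. have the CA sign the CSR
openssl x509 -req -sha256 -days "$DAYS" -in server.csr -CA ca.crt \
    -CAkey ca.key -CAcreateserial -out server.crt


# 3 Create CA-Signed Client Cert
#
# The client gets its own key pair. Handing server.key to clients would
# let any client holder present itself as the server, and one leaked
# copy would force the server certificate to be replaced.

# a. generate key for the client
openssl genrsa -out client.key "$LEAF_BITS"

# b. create CSR for client.key
openssl req -new -sha256 -key client.key -out client.csr

# c. have the CA sign the CSR
openssl x509 -req -sha256 -days "$DAYS" -in client.csr -CA ca.crt \
    -CAkey ca.key -CAcreateserial -out client.crt

# d. optional, single-file bundle for client side use
cat client.crt client.key > client.pem


##### USAGE ####
# # Erlang, Server
# #
# # Create a SSL socket, and verify client
# {ok, LSock} = ssl:listen(Port, [{certfile, "server.crt"},
#                                 {keyfile, "server.key"},
#                                 {cacertfile, "ca.crt"},
#                                 {verify, verify_peer},
#                                 {fail_if_no_peer_cert, true}]),
# # Transport accept
# {ok, Socket} = ssl:transport_accept(LSock),
#
# # Do hand shake. This may return {error, Reason}
# # (newer OTP releases use ssl:handshake/1 instead of ssl:ssl_accept/1)
# ok = ssl:ssl_accept(Socket)
#
#
# # Erlang, Client
# # Present the client's own cert and verify the server against the CA.
# {ok, Socket} = ssl:connect(Host, Port, [{certfile, "client.crt"},
#                                         {keyfile, "client.key"},
#                                         {cacertfile, "ca.crt"},
#                                         {verify, verify_peer}]).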