```bash
# Move to root directory...
# (creating /keys needs root; any writable directory works just as well)
cd /
mkdir keys
cd keys

# Generate a self signed certificate for the CA along with a key.
mkdir -p ca/private
chmod 700 ca/private
# NOTE: I'm using -nodes, this means that once anybody gets
# their hands on this particular key, they can become this CA.
openssl req \
    -x509 \
    -nodes \
    -days 3650 \
    -newkey rsa:4096 \
    -keyout ca/private/ca_key.pem \
    -out ca/ca_cert.pem \
    -subj "/C=US/ST=Acme State/L=Acme City/O=Acme Inc./CN=example.com"

# Create server private key and certificate request
mkdir -p server/private
chmod 700 server/private
openssl genrsa -out server/private/server_key.pem 4096
openssl req -new \
    -key server/private/server_key.pem \
    -out server/server.csr \
    -subj "/C=US/ST=Acme State/L=Acme City/O=Acme Inc./CN=server.example.com"

# Create client private key and certificate request
mkdir -p client/private
chmod 700 client/private
openssl genrsa -out client/private/client_key.pem 4096
openssl req -new \
    -key client/private/client_key.pem \
    -out client/client.csr \
    -subj "/C=US/ST=Acme State/L=Acme City/O=Acme Inc./CN=client.example.com"

# Generate certificates
# Both CSRs are signed by the CA. Without -extfile, x509 -req adds no
# extensions of its own, so these leaf certificates carry no subjectAltName,
# basicConstraints or extendedKeyUsage; fine for the s_client test below,
# but clients that match the hostname against the SAN will reject them.
openssl x509 -req -days 1460 -in server/server.csr \
    -CA ca/ca_cert.pem -CAkey ca/private/ca_key.pem \
    -CAcreateserial -out server/server_cert.pem
openssl x509 -req -days 1460 -in client/client.csr \
    -CA ca/ca_cert.pem -CAkey ca/private/ca_key.pem \
    -CAcreateserial -out client/client_cert.pem

# Now test both the server and the client
# On one shell, run the following. -Verify 1 makes the server demand a client
# certificate and abort the handshake if it does not chain to the CA.
# s_server listens on port 4433 by default (change it with -accept).
openssl s_server -CAfile ca/ca_cert.pem -cert server/server_cert.pem -key server/private/server_key.pem -Verify 1
# On another shell, run the following. s_client connects to localhost:4433
# unless -connect is given, and by default it only reports a failed
# verification of the server certificate rather than aborting on it.
openssl s_client -CAfile ca/ca_cert.pem -cert client/client_cert.pem -key client/private/client_key.pem
# Once the negotiation is complete, any line you type is sent over to the other side.
# By line, I mean some text followed by a keyboard return press.
```
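The script above is enough for a loopback `s_server`/`s_client` test, but the leaf certificates it produces have no `subjectAltName`, no `basicConstraints` and no `extendedKeyUsage`, so nothing stops the client certificate from being presented as a server certificate, and a hostname-checking client would reject the server certificate. The following is an added example, not part of the gist: a POSIX shell script that builds the same CA / server / client set with X.509 v3 extensions and then checks each leaf with `openssl verify -purpose`, plus a loopback mutual-TLS handshake with the client-side checks `s_client` leaves off by default. It assumes `openssl` 1.1.1 or 3.x on `PATH`; the CA name `Acme Test CA`, the `req.cnf` file, the 365-day leaf validity, port 14433 and the function names are my choices, not the gist's.

```sh
#!/bin/sh
# Added example (not from the gist): CA / server / client hierarchy with
# v3 extensions, an offline chain+purpose check, and a loopback mTLS test.
# Assumes `openssl` 1.1.1 or 3.x on PATH; everything else is created here.
set -eu

# Minimal req(1) config so the run does not depend on the system openssl.cnf.
write_req_config() {            # write_req_config <path>
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no

[dn]
O  = Acme Inc.
CN = Acme Test CA

[v3_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage         = critical,keyCertSign,cRLSign
EOF
}

# Issue one leaf certificate signed by the CA.
# issue_leaf <dir> <name> <cn> <eku> <san>   e.g. eku=serverAuth san=DNS:server.example.com
issue_leaf() {
    dir="$1"; name="$2"; cn="$3"; eku="$4"; san="$5"
    openssl genrsa -out "$dir/$name/private/${name}_key.pem" 4096 2>/dev/null
    openssl req -new -config "$dir/req.cnf" -subj "/O=Acme Inc./CN=$cn" \
        -key "$dir/$name/private/${name}_key.pem" -out "$dir/$name/$name.csr"
    # x509 -req does not take extensions from the CSR; the CA states them itself.
    # CA:FALSE stops a leaf from signing further certs; the EKU ties it to one role.
    printf 'basicConstraints = critical,CA:FALSE\nkeyUsage = critical,digitalSignature,keyEncipherment\nextendedKeyUsage = %s\nsubjectAltName = %s\n' \
        "$eku" "$san" > "$dir/$name/$name.ext"
    openssl x509 -req -days 365 -in "$dir/$name/$name.csr" \
        -CA "$dir/ca/ca_cert.pem" -CAkey "$dir/ca/private/ca_key.pem" -CAcreateserial \
        -extfile "$dir/$name/$name.ext" -out "$dir/$name/${name}_cert.pem" 2>/dev/null
}

# Build the whole PKI under <dir>. Keys are written -nodes, as in the gist:
# whoever reads ca_key.pem can mint certificates every relying party trusts.
make_pki() {                    # make_pki <dir>
    dir="$1"
    for d in ca server client; do
        mkdir -p "$dir/$d/private"
        chmod 700 "$dir/$d/private"
    done
    write_req_config "$dir/req.cnf"
    openssl req -x509 -nodes -newkey rsa:4096 -days 3650 -config "$dir/req.cnf" \
        -keyout "$dir/ca/private/ca_key.pem" -out "$dir/ca/ca_cert.pem" 2>/dev/null
    issue_leaf "$dir" server server.example.com serverAuth DNS:server.example.com
    issue_leaf "$dir" client client.example.com clientAuth DNS:client.example.com
}

# Chain check plus purpose check (sslserver / sslclient): succeeds only if the
# leaf chains to the CA and its keyUsage/extendedKeyUsage allow that role.
verify_cert() {                 # verify_cert <dir> <name> <purpose>
    openssl verify -CAfile "$1/ca/ca_cert.pem" -purpose "$3" \
        "$1/$2/${2}_cert.pem" >/dev/null 2>&1
}

# Loopback mutual-TLS handshake like the gist's, with the checks s_client skips
# by default: -verify_return_error aborts on a bad server chain instead of only
# printing a warning, and -verify_hostname matches the server's SAN. The port is
# a parameter so an unprivileged user can pick one above 1023.
mtls_smoke_test() {             # mtls_smoke_test <dir> <port>
    openssl s_server -accept "$2" -CAfile "$1/ca/ca_cert.pem" \
        -cert "$1/server/server_cert.pem" -key "$1/server/private/server_key.pem" \
        -Verify 1 -quiet >/dev/null 2>&1 &
    srv=$!
    sleep 1
    out=$(printf 'Q\n' | openssl s_client -connect "127.0.0.1:$2" \
        -CAfile "$1/ca/ca_cert.pem" -cert "$1/client/client_cert.pem" \
        -key "$1/client/private/client_key.pem" \
        -verify_return_error -verify_hostname server.example.com 2>&1) || true
    kill "$srv" 2>/dev/null || true
    printf '%s\n' "$out" | grep -q 'Verify return code: 0 (ok)'
}

# Usage: sh mtls_pki.sh run   (builds ./pki, verifies both leaves, handshakes on 14433)
if [ "${1-}" = "run" ]; then
    make_pki ./pki
    verify_cert ./pki server sslserver && verify_cert ./pki client sslclient \
        && echo "chain and purpose checks passed"
    mtls_smoke_test ./pki 14433 && echo "mutual TLS handshake ok"
fi
```

`verify_cert ./pki client sslserver` fails by design: the client certificate's `extendedKeyUsage` is `clientAuth` only, which is exactly the separation the gist's unconstrained certificates lack. Swapping `-Verify 1` for `-verify 1` on the server side would make the client certificate optional, so keep the capital V for a mutual-TLS test.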
Great info, thanks.
I got

```
verify depth is 1, must return a certificate
Using default temp DH parameters
ACCEPT
bind: Permission denied
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
0 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
0 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
```

while running the server. I couldn't cd to root; all commands are executed from my local directory. That is the only step I missed.
Any solution?
> bind: Permission denied
You are binding to a privileged port (port < 1024). You'll probably want to be a privileged user to do that (root or a normal user with CAP_NET_BIND_SERVICE).
Getting "SSL Handshake failed" on the client side after I created the certs as in the steps above. Any solution for this?
Thank you, brother.
thank you very much
very helpful. Thanks.
I think line 22 should be `chmod 700 server/private`.
It helps me, thank you!