-
-
Save zapstar/4b51d7cfa74c7e709fcdaace19233443 to your computer and use it in GitHub Desktop.
# Move to root directory... | |
cd / | |
mkdir keys | |
cd keys | |
# Generate a self signed certificate for the CA along with a key. | |
mkdir -p ca/private | |
chmod 700 ca/private | |
# NOTE: I'm using -nodes, this means that once anybody gets | |
# their hands on this particular key, they can become this CA. | |
openssl req \ | |
-x509 \ | |
-nodes \ | |
-days 3650 \ | |
-newkey rsa:4096 \ | |
-keyout ca/private/ca_key.pem \ | |
-out ca/ca_cert.pem \ | |
-subj "/C=US/ST=Acme State/L=Acme City/O=Acme Inc./CN=example.com" | |
# Create server private key and certificate request | |
mkdir -p server/private | |
chmod 700 ca/private | |
openssl genrsa -out server/private/server_key.pem 4096 | |
openssl req -new \ | |
-key server/private/server_key.pem \ | |
-out server/server.csr \ | |
-subj "/C=US/ST=Acme State/L=Acme City/O=Acme Inc./CN=server.example.com" | |
# Create client private key and certificate request | |
mkdir -p client/private | |
chmod 700 client/private | |
openssl genrsa -out client/private/client_key.pem 4096 | |
openssl req -new \ | |
-key client/private/client_key.pem \ | |
-out client/client.csr \ | |
-subj "/C=US/ST=Acme State/L=Acme City/O=Acme Inc./CN=client.example.com" | |
# Generate certificates | |
openssl x509 -req -days 1460 -in server/server.csr \ | |
-CA ca/ca_cert.pem -CAkey ca/private/ca_key.pem \ | |
-CAcreateserial -out server/server_cert.pem | |
openssl x509 -req -days 1460 -in client/client.csr \ | |
-CA ca/ca_cert.pem -CAkey ca/private/ca_key.pem \ | |
-CAcreateserial -out client/client_cert.pem | |
# Now test both the server and the client | |
# On one shell, run the following | |
openssl s_server -CAfile ca/ca_cert.pem -cert server/server_cert.pem -key server/private/server_key.pem -Verify 1 | |
# On another shell, run the following | |
openssl s_client -CAfile ca/ca_cert.pem -cert client/client_cert.pem -key client/private/client_key.pem | |
# Once the negotiation is complete, any line you type is sent over to the other side. | |
# By line, I mean some text followed by a keyboard return press. |
I got verify depth is 1, must return a certificate
Using default temp DH parameters
ACCEPT
bind: Permission denied
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
0 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
0 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
while running server.
I couldn't cd to root. All commands are executed from my local directory. That is only step I missed.
Any solution?
bind: Permission denied
You are binding to a privileged port (port < 1024
). You'll probably want to be a privileged user to do that (root
or a normal user with CAP_NET_BIND_SERVICE
).
Getting "SSL Handshake failed" on Client Side after I have created the certs like in the steps above. Any solution for this?
obrigado irmão
thank you very much
very helpful. Thanks.
I think the line 22 should be chmod 700 server/private
Great info, thanks.