OpenSSL

open source implementation of TLS/SSL and tools

https://www.openssl.org/

Generate certificates for and install CA certificate in OpenSSL conf
 * the CA Certification Authority
 * the HA Proxy
 * the Clients

Scripts are inspired from http://stackoverflow.com/questions/21297139/how-do-you-sign-certificate-signing-request-with-your-certification-authority

Just

./generate.sh

cat servercert.pem serverkey.pem > server.pem cat clientcert.pem clientkey.pem > client.pem

=Server authentication=

Term1: openssl s_server -accept 8080 -cert server.pem

Term2: openssl s_client -connect localhost:8080 -cert client.pem

=Mutual authentication (TCP)= Term1: openssl s_server -accept 8080 -cert server.pem -Verify client.crt Term2: openssl s_client -connect localhost:8080 -cert client.pem -verify_return_error Term3: openssl s_client -connect localhost:8080 -verify_return_error echo return immediately

=Mutual authentication (DTLS)= Term1: openssl s_server -accept 8080 -cert server.pem -Verify client.crt -dtls1 Term2: openssl s_client -connect localhost:8080 -cert client.pem -verify_return_error -dtls1

See
 * https://www.openssl.org/docs/manmaster/apps/s_server.html
 * https://www.openssl.org/docs/manmaster/apps/s_client.html