OpenSSL
open source implementation of TLS/SSL and tools
Generate certificates for:
- the CA (Certification Authority)
- the HA Proxy
- the clients
and install the CA certificate in the OpenSSL configuration.
The scripts are inspired by http://stackoverflow.com/questions/21297139/how-do-you-sign-certificate-signing-request-with-your-certification-authority
Just
./generate.sh
cat servercert.pem serverkey.pem > server.pem
cat clientcert.pem clientkey.pem > client.pem
Server authentication
Term1:
openssl s_server -accept 8080 -cert server.pem
Term2:
openssl s_client -connect localhost:8080 -cert client.pem
Mutual authentication (TCP)
Term1:
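openssl s_server -accept 8080 -cert server.pem -Verify 1
(-Verify takes the maximum client certificate chain depth, not a certificate file. It makes the server require a client certificate and check it against the CAs that s_server trusts.)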
Term2:
openssl s_client -connect localhost:8080 -cert client.pem -verify_return_error
Term3:
openssl s_client -connect localhost:8080 -verify_return_error echo return immediately
Mutual authentication (DTLS)
Term1:
openssl s_server -accept 8080 -cert server.pem -Verify 1 -dtls1
Term2:
openssl s_client -connect localhost:8080 -cert client.pem -verify_return_error -dtls1
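
An added example (not the page's generate.sh, which is not shown here) of the certificate set these tests rely on: a throwaway CA, CA-signed server and client certificates, and the chain check that separates a CA-signed certificate from a self-signed one. The file names, CNs and the "rogue" certificate are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the page's generate.sh. File names and CNs are assumptions.
set -eu

# make_ca DIR: create a self-signed throwaway test CA (DIR/ca.key, DIR/ca.crt).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_leaf DIR NAME CN: make a key and CSR, sign the CSR with the CA in DIR,
# then build NAME.pem (certificate followed by key) for use with -cert.
issue_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
    cat "$1/$2.crt" "$1/$2.key" > "$1/$2.pem"
}

# chain_ok CAFILE CERT: succeed only if CERT chains to the CA in CAFILE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo DIR: build CA, server and client, plus a self-signed "rogue" certificate
# that the CA never signed; succeed only if the trust decisions are as expected.
demo() {
    make_ca "$1"
    issue_leaf "$1" server localhost
    issue_leaf "$1" client client1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=rogue" \
        -keyout "$1/rogue.key" -out "$1/rogue.crt" 2>/dev/null
    chain_ok "$1/ca.crt" "$1/server.crt" || return 1
    chain_ok "$1/ca.crt" "$1/client.crt" || return 1
    if chain_ok "$1/ca.crt" "$1/rogue.crt"; then return 1; fi
    echo "CA-signed server and client accepted, self-signed certificate rejected"
}

# Run the demo in a temporary directory when called as: sh example.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    demo "$d"
    rm -rf "$d"
fi
```

The keys are written unencrypted (-nodes) and are meant for local testing only.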