OpenSSL


Open source implementation of TLS/SSL and associated tools

https://www.openssl.org/


Generate certificates for

  • the CA Certification Authority
  • the HA Proxy
  • the Clients

and install the CA certificate in the OpenSSL conf.

The scripts are inspired by http://stackoverflow.com/questions/21297139/how-do-you-sign-certificate-signing-request-with-your-certification-authority

Just run:

./generate.sh
cat servercert.pem serverkey.pem > server.pem
cat clientcert.pem clientkey.pem > client.pem
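
The page does not show generate.sh. As an added example (not the script from this wiki or from the Stack Overflow answer), the following script builds a throwaway CA, signs server and client certificates, bundles them as above, and checks both the chain and the key match. cacert.pem, cakey.pem, ca.cnf and the CN values are assumed names.

```shell
#!/bin/sh
# Added example (not the page's generate.sh). cacert.pem, cakey.pem, ca.cnf
# and the CN values are assumed names; the other file names follow the page.
set -e

make_pki() (   # $1 = output directory; the subshell keeps the caller's cwd
  mkdir -p "$1"
  cd "$1"
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Self-signed CA certificate, valid for one day (test material only).
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes \
    -keyout cakey.pem -out cacert.pem -days 1 2>/dev/null
  for role in server client; do
    # Key + CSR for the role, then a certificate signed by the CA.
    openssl req -new -config ca.cnf -subj "/CN=test-$role" -newkey rsa:2048 \
      -nodes -keyout "${role}key.pem" -out "$role.csr" 2>/dev/null
    openssl x509 -req -in "$role.csr" -CA cacert.pem -CAkey cakey.pem \
      -CAcreateserial -out "${role}cert.pem" -days 1 2>/dev/null
    # Bundle certificate and key, as the page does for -cert.
    cat "${role}cert.pem" "${role}key.pem" > "$role.pem"
  done
)

# The chain check a peer applies: pass only if $2 chains to the CA in $1.
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# A bundle works with -cert only if its private key matches its certificate.
key_matches() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$1" -pubout)" ]
}

dir=$(mktemp -d)
make_pki "$dir"
chain_ok "$dir/cacert.pem" "$dir/clientcert.pem" && echo "client chain: OK"
key_matches "$dir/client.pem" && echo "client.pem: key matches certificate"
echo "test PKI written to $dir"
```

For the mutual-authentication tests, s_server can be pointed at this CA with -CAfile cacert.pem so that the client certificate chain can be validated.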

Server authentication

Term1:

openssl s_server -accept 8080 -cert server.pem

Term2:

openssl s_client -connect localhost:8080 -cert client.pem


Mutual authentication (TCP)

Term1:

openssl s_server -accept 8080 -cert server.pem -Verify 1

(-Verify takes a verification depth, not a file name, and makes the client certificate mandatory.)

Term2:

openssl s_client -connect localhost:8080 -cert client.pem -verify_return_error

Term3:

openssl s_client -connect localhost:8080 -verify_return_error

This returns immediately, because no client certificate is presented.

Mutual authentication (DTLS)

Term1:

openssl s_server -accept 8080 -cert server.pem -Verify 1 -dtls1

Term2:

openssl s_client -connect localhost:8080 -cert client.pem -verify_return_error -dtls1


See