OpenSSL: Difference between revisions
Open source implementation of TLS/[[SSL]] and tools

https://www.openssl.org/

Generate certificates for

* the CA (Certification Authority)
* the HA Proxy
* the clients

and install the CA certificate in the OpenSSL conf.

The scripts are inspired by http://stackoverflow.com/questions/21297139/how-do-you-sign-certificate-signing-request-with-your-certification-authority

Just run

<pre>
./generate.sh
</pre>

Then bundle each certificate with its private key into a single PEM file, so that <code>-cert</code> alone is enough for <code>s_server</code> and <code>s_client</code>:

<pre>
cat servercert.pem serverkey.pem > server.pem
cat clientcert.pem clientkey.pem > client.pem
</pre>

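The following script is an added example, not the page's generate.sh (whose contents are not shown): it builds a comparable test PKI and checks the chain and the key pairing before the files are handed to s_server and s_client. The subject names, the cacert.pem and cakey.pem file names, the key size and the lifetime are assumptions.

```shell
#!/bin/sh
# Added example: stand-in for generate.sh. Subject names, cacert.pem/cakey.pem,
# key size and lifetime are assumptions; keys are unencrypted (lab use only).

# make_pki DIR: create a CA plus one server and one client certificate in DIR.
make_pki() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Self-signed CA certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null || return 1
    for role in server client; do
        # Key and CSR for this role, then sign the CSR with the CA key.
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$role.example.test" \
            -keyout "$dir/${role}key.pem" -out "$dir/$role.csr" \
            2>/dev/null || return 1
        openssl x509 -req -in "$dir/$role.csr" -days 30 \
            -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
            -out "$dir/${role}cert.pem" 2>/dev/null || return 1
        # Same bundling step as on the page: certificate followed by key.
        cat "$dir/${role}cert.pem" "$dir/${role}key.pem" > "$dir/$role.pem"
    done
}

# chain_ok CAFILE CERT: succeeds only if CERT verifies against CAFILE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# key_matches CERT KEY: succeeds only if KEY is the private key for CERT.
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: make_pki ./pki && chain_ok ./pki/cacert.pem ./pki/clientcert.pem
```

A client certificate issued by a different CA fails <code>chain_ok</code>, which is the same condition under which a server started with <code>-Verify</code> refuses the handshake.
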
=Server authentication=

Term1:

<pre>
openssl s_server -accept 8080 -cert server.pem
</pre>

Term2:

<pre>
openssl s_client -connect localhost:8080 -cert client.pem
</pre>

=Mutual authentication (TCP)=

Term1:

<pre>
# -Verify takes a chain depth, not a file; it makes the client certificate mandatory
openssl s_server -accept 8080 -cert server.pem -Verify 1
</pre>

Term2:

<pre>
openssl s_client -connect localhost:8080 -cert client.pem -verify_return_error
</pre>

Term3:

<pre>
openssl s_client -connect localhost:8080 -verify_return_error
# returns immediately (no client certificate is presented)
</pre>

=Mutual authentication ([[DTLS]])=

Term1:

<pre>
# -Verify takes a chain depth, not a file
openssl s_server -accept 8080 -cert server.pem -Verify 1 -dtls1
</pre>

Term2:

<pre>
openssl s_client -connect localhost:8080 -cert client.pem -verify_return_error -dtls1
</pre>

See

* https://www.openssl.org/docs/manmaster/apps/s_server.html
* https://www.openssl.org/docs/manmaster/apps/s_client.html

Latest revision as of 13:55, 31 January 2017