From 9c2e6d674146a97ccc5e0e106f804f53fa93dcec Mon Sep 17 00:00:00 2001 From: Andreas Fankhauser hiddenalpha.ch Date: Fri, 9 Dec 2022 20:39:50 +0100 Subject: Add notes about TLS and PEM --- doc/note/ssh/_SeeAlsoTls | 0 doc/note/tls/_SeeAlsoSsh | 0 doc/note/tls/tls.txt | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 34 insertions(+) create mode 100644 doc/note/ssh/_SeeAlsoTls create mode 100644 doc/note/tls/_SeeAlsoSsh create mode 100644 doc/note/tls/tls.txt diff --git a/doc/note/ssh/_SeeAlsoTls b/doc/note/ssh/_SeeAlsoTls new file mode 100644 index 0000000..e69de29 diff --git a/doc/note/tls/_SeeAlsoSsh b/doc/note/tls/_SeeAlsoSsh new file mode 100644 index 0000000..e69de29 diff --git a/doc/note/tls/tls.txt b/doc/note/tls/tls.txt new file mode 100644 index 0000000..ce1e305 --- /dev/null +++ b/doc/note/tls/tls.txt @@ -0,0 +1,34 @@ + +TLS Key Management +================== + +WARN: Nothing useful here. Just some nonsense copy-pasta lines. + + +## Create new server PEM cert + +```sh +openssl genrsa -out path/to/private/key 2048 +``` + +```sh +openssl req -new -key path/to/private/key -new -nodes -x509 -days 42 -out path/to/certSignRequest.csr -subj "/C=/ST=/L=/O=/OU=/CN=example.com" +``` + +```sh +openssl x509 -req -days 42 -in path/to/certSignRequest.csr -signkey path/to/private/key -out path/to/cert.crt +``` + +```sh +cat path/to/private/key path/to/cert.crt > path/to/cert.pem +``` + + +## TLS debugging + +```sh +socat OPENSSL-LISTEN:1234,reuseaddr,cert=server.pem tcp-connect:127.0.0.1:1235 +``` + +HINT: Add option 'fork' to ssl sock to serve multiple requests. + -- cgit v1.1
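Review bot: In the "Create new server PEM cert" section of doc/note/tls/tls.txt, the second command passes `-x509` to `openssl req` (and repeats `-new`), so the file written to path/to/certSignRequest.csr is already a self-signed certificate rather than a signing request, and the following `openssl x509 -req -in path/to/certSignRequest.csr` step does not get the CSR it expects. Either drop `-x509 -days 42` and the duplicate `-new` from the `req` line so that it produces a real CSR for the third command, or keep `-x509`, write directly to path/to/cert.crt and remove the third command. The `-subj` value leaves C, ST, L, O and OU empty; reducing it to "/CN=example.com" avoids depending on how empty attributes are handled. Because the last step concatenates the private key into path/to/cert.pem, the note should also say to create that file with owner-only permissions (for example under `umask 077`).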