blob: ce1e305af2572bf2e3bebafdfabbaed46b18e87e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
TLS Key Management
==================
WARN: Nothing useful here. Just some nonsense copy-pasta lines.
## Create new server PEM cert
```sh
openssl genrsa -out path/to/private/key 2048
```
```sh
openssl req -new -key path/to/private/key -new -nodes -x509 -days 42 -out path/to/certSignRequest.csr -subj "/C=/ST=/L=/O=/OU=/CN=example.com"
```
```sh
openssl x509 -req -days 42 -in path/to/certSignRequest.csr -signkey path/to/private/key -out path/to/cert.crt
```
```sh
cat path/to/private/key path/to/cert.crt > path/to/cert.pem
```
## TLS debugging
```sh
socat OPENSSL-LISTEN:1234,reuseaddr,cert=server.pem tcp-connect:127.0.0.1:1235
```
HINT: Add option 'fork' to ssl sock to serve multiple requests.
|