1. CA
a. openssl req -out CA.pem -new -x509 -days 365
b. openssl pkcs12 -export -out CA.pfx -inkey privkey.pem -in CA.pem
2. Server
a. openssl genrsa -out server.key 1024
b. openssl req -key server.key -new -out server.req
c. openssl x509 -req -in server.req -CA ../CA/CA.pem -CAkey ../CA/privkey.pem -set_serial 01 -out server.pem
3. Client
a. openssl genrsa -out client.key 1024
b. openssl req -key client.key -new -out client.req
c. openssl x509 -req -in client.req -CA ../CA/CA.pem -CAkey ../CA/privkey.pem -set_serial 02 -out client.pem
PS:
a. pay attention to COMMON NAME during configuration. It should match the server name.
b. to skip hostname verification configured by COMMON NAME.
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L)
Sunday, November 27, 2011
Subscribe to:
Posts (Atom)
Little Linus
