Skip to content

Instantly share code, notes, and snippets.

@nodemvc

nodemvc/SelfSignedRootCA.md

Last active December 5, 2023 02:20
Show Gist options
  • Save nodemvc/d7cdc24900d3484c0c3a80a07098dfdc to your computer and use it in GitHub Desktop.
Save nodemvc/d7cdc24900d3484c0c3a80a07098dfdc to your computer and use it in GitHub Desktop.
Download ZIP
Raw
SelfSignedRootCA.md

Root CA Private Key

generate root cert auth private key

openssl genrsa -out rootCA.key 2048

Root CA Cert

openssl req does the folloing:

This command primarily creates and processes certificate requests (CSRs) in PKCS#10 format. It can additionally create self-signed certificates for use as root CAs for example.

This command creates the root CA cert

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 365 -out rootCA.pem

Device Private Key

generate device private key

openssl genrsa -out device.key 2048

Device CSR (cert signing request)

Then, generate a certificate signing request.

openssl req -new -key device.key -out device.csr

note: i used localhost for common name and it worked fine note: challege password = 3579640978

Device Certificate

sign the CSR with the device private key. the csr already has been signed with the device private key

openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 364 -sha256

referenced

https://gist.github.com/marshalhayes/ca9508f97d673b6fb73ba64a67b76ce8 https://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/

Raw
test_client.py
import socket
import ssl
CERT_FILE = '/Users/qle/certificate/rootCA.pem'
HOST = "127.0.0.1"
PORT = 60002
SERVER_HOST = "localhost"
SERVER_PORT = 60000
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.load_verify_locations(CERT_FILE)
client = context.wrap_socket(sock=client, server_side=False, server_hostname=SERVER_HOST)
if __name__ == "__main__":
client.bind((HOST, PORT))
client.connect((SERVER_HOST, SERVER_PORT))
while True:
from time import sleep
client.send("Hello World!".encode("utf-8"))
sleep(1)
Raw
test_server.py
import socket
import ssl
KEY_FILE = '/Users/qle/certificate/device.key'
CERT_FILE = '/Users/qle/certificate/device.crt'
HOST = "127.0.0.1"
PORT = 60000
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain(
certfile=CERT_FILE,
keyfile=KEY_FILE
)
server = context.wrap_socket(sock=server, server_side=True)
if __name__ == "__main__":
server.bind((HOST, PORT))
server.listen(0)
while True:
connection, client_address = server.accept()
while True:
data = connection.recv(1024)
if not data:
break
print(f"Received: {data.decode('utf-8')}")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment