💾 Archived View for thrig.me › tech › ssl › minimum-ca.gmi captured on 2024-05-10 at 12:36:39. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-05-24)
-=-=-=-=-=-=-
This documentation assumes LibreSSL on OpenBSD 7.3; anything with OpenSSL should be similar, though how to best create certificates does vary over time. This is a simple test CA that lives in a directory. Season with security to taste.
Perhaps too minimal, lacking revocation lists and whatnot, but verification can happen for a certificate (minca-test.cert) signed against the certificate authority (minca.cert).
$ sh minimum-ca.sh Generating RSA private key, 4096 bit long modulus ... $ tclsh8.6 pingpong.tcl minca.cert minca-test.cert minca-test.key SERVER listen 7169 CLIENT localhost 7169 pinging SERVER client 127.0.0.1 3168 SERVER ponging CLIENT server said: PONG 1681516486260 CLIENT localhost 7169 pinging SERVER client 127.0.0.1 10954 SERVER ponging CLIENT server said: PONG 1681516486787 CLIENT localhost 7169 pinging SERVER client 127.0.0.1 17953 SERVER ponging CLIENT server said: PONG 1681516487311