💾 Archived View for thrig.me › tech › ssl › minimum-ca.gmi captured on 2024-08-18 at 19:15:34. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-05-24)
-=-=-=-=-=-=-
This documentation assumes LibreSSL on OpenBSD 7.3; anything with OpenSSL should be similar, though how to best create certificates does vary over time. This is a simple test CA that lives in a directory. Season with security to taste.
Perhaps too minimal, lacking revocation lists and whatnot, but verification can happen for a certificate (minca-test.cert) signed against the certificate authority (minca.cert).
$ sh minimum-ca.sh
Generating RSA private key, 4096 bit long modulus
...
$ tclsh8.6 pingpong.tcl minca.cert minca-test.cert minca-test.key
SERVER listen 7169
CLIENT localhost 7169 pinging
SERVER client 127.0.0.1 3168
SERVER ponging
CLIENT server said: PONG 1681516486260
CLIENT localhost 7169 pinging
SERVER client 127.0.0.1 10954
SERVER ponging
CLIENT server said: PONG 1681516486787
CLIENT localhost 7169 pinging
SERVER client 127.0.0.1 17953
SERVER ponging
CLIENT server said: PONG 1681516487311