Hello,

Some years ago (in 2012) I wrote an OpenSSL server, loosely based on the
example sources 'openssl-examples-20020110' which nowadays still exist in
https://github.com/smbutton/DataCommProject/tree/master/openssl-examples-20020110/openssl-examples-20020110

There was also some guidance available about how to create the necessary
key material, which goes more or less like this:

--------------------------------------------------------------------------------
$ mkdir newca
$ cd newca
$ cp /usr/local/openssl/misc/CA.sh .
$ ./CA.sh -newca

will create a new CA. Remember the passphrase as you will need it to sign
certificates.

$ cp demoCA/cacert.pem ../root.pem

Second step

$ ./CA.sh -newreq

will create a certificate and a certification request. Set the passphrase to
'password' as this is hard-coded in the examples' source code. It is important
to set the [Common Name] to 'localhost'.

Third step

$ ./CA.sh -sign

will sign your newly created certificate. Enter the password for your CA which
you have defined in step 1.

Fourth step

$ cat newreq.pem newkey.pem newcert.pem > ../localhost.pem
$ cd ..
$ ln -s localhost.pem server.pem
$ ln -s localhost.pem client.pem

Maybe you also want to issue

$ openssl dhparam 1024 -2 -out dh1024.pem -outform PEM

in order to update the DH parameters.
--------------------------------------------------------------------------------

What I (today) do not understand is the last step about creating the
file 'dh1024.pem' :-(

Two questions:

1. Why does this have no input file? Shouldn't it have one, and which? The man
   page says it would read stdin, but it doesn't do so.

2. When I re-run the examples today, the above command does not even produce
   a file 'dh1024.pem', but writes the result to stdout:

openssl dhparam 1024 -2 -outform PEM -out dh1024.pem
.... (lot of random output) ...
-----BEGIN DH PARAMETERS-----
MIGHAoGBAIc6JqvNBSGwdBBzIJQAuq+TG+ttNNYZcUv/p3/nloWGwxeCKqWt2M4x
z6WsA3tVbykRw80A0Rja2y7IHZ9dGJc/guxrxUpNketeSddFzGicz6mrEafSdurd
ephztXEmQ63XP4ULPlcaOXzYk6GLUXFYKVYuIHnpdcJLLRMFWZ0bAgEC
-----END DH PARAMETERS-----

How is this supposed to work?

Thanks

	matthias

-- 
Matthias Apitz, ✉ guru@xxxxxxxxxxx, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
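
Added example, not part of the original message: a minimal Python DER reader applied to the DH PARAMETERS block quoted above. It shows that the file holds only the PKCS#3 group parameters (prime p and generator g), which dhparam generates itself from the requested bit length. The function names are this example's own.

```python
import base64

# PEM block copied verbatim from the message above.
PEM = """-----BEGIN DH PARAMETERS-----
MIGHAoGBAIc6JqvNBSGwdBBzIJQAuq+TG+ttNNYZcUv/p3/nloWGwxeCKqWt2M4x
z6WsA3tVbykRw80A0Rja2y7IHZ9dGJc/guxrxUpNketeSddFzGicz6mrEafSdurd
ephztXEmQ63XP4ULPlcaOXzYk6GLUXFYKVYuIHnpdcJLLRMFWZ0bAgEC
-----END DH PARAMETERS-----"""

def read_tlv(der, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(der) or der[pos] != tag:
        raise ValueError("unexpected or missing DER tag at offset %d" % pos)
    first = der[pos + 1]
    start = pos + 2
    if first < 0x80:                       # short form: length in one byte
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or start + n > len(der):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(der[start:start + n], "big")
        start += n
    end = start + length
    if end > len(der):
        raise ValueError("truncated DER element")
    return der[start:end], end

def parse_dh_params(pem):
    """Return (p, g) from a PKCS#3 'DH PARAMETERS' PEM block."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != "-----BEGIN DH PARAMETERS-----" \
            or lines[-1] != "-----END DH PARAMETERS-----":
        raise ValueError("not a DH PARAMETERS PEM block")
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    # DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER, ... }
    body, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    p_bytes, pos = read_tlv(body, 0, 0x02)
    g_bytes, pos = read_tlv(body, pos, 0x02)
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")

if __name__ == "__main__":
    p, g = parse_dh_params(PEM)
    print("prime bits:", p.bit_length())
    print("generator :", g)
```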