|
|
# Generating SSL Certificates for testing purposes
|
|
|
Generating Certificates for JetConf Server and Client using [OpenSSL](https://www.openssl.org/). Example certificates can be found in `data` [subdirectory](https://gitlab.labs.nic.cz/labs/jetconf/tree/master/data) in JetConf repository
|
|
|
|
|
|
[Install OpenSSL](https://github.com/openssl/openssl), if not installed.
|
|
|
```bash
|
|
|
$ sudo apt-get install openssl
|
|
|
```
|
|
|
This tutorial explains how to generate self-signed certificates for the JetConf server and clients using [OpenSSL](https://www.openssl.org/). Example certificates can be found in `data` [subdirectory](https://gitlab.labs.nic.cz/labs/jetconf/tree/master/data) in JetConf repository.
|
|
|
|
|
|
To start with, check that OpenSSL is installed. If not, it should be available as a package for your operating system.
|
|
|
|
|
|
Two bash scripts placed in [JetConf repository](https://gitlab.labs.nic.cz/labs/jetconf/tree/master/utils/cert_gen) in `utils/cert_gen` directory are provided:
|
|
|
|
|
|
* `gen_server_cert.sh` is used once for generating the server certificate.
|
|
|
* `gen_client_cert.sh` is used repeatedly for creating client certificates.
|
|
|
|
|
|
Their usage is described below.
|
|
|
|
|
|
<div class="panel panel-warning">
|
|
|
**Warning**
|
|
|
{: .panel-heading}
|
|
|
<div class="panel-body">
|
|
|
|
|
|
Two bash scripts placed in [JetConf repository](https://gitlab.labs.nic.cz/labs/jetconf/tree/master/utils/cert_gen) in `utils/cert_gen` directory are provided. First script `gen_server_cert.sh` for generating server certificate and second script `gen_client_cert.sh` for creating client certificate. Their usage is described below.
|
|
|
Self-signed certificates are of course not considered trustworthy by common web
|
|
|
browsers and operating systems, so they are only suitable for testing.
|
|
|
|
|
|
**WARNING: Such certificates are of course not considered trustworthy by common web
|
|
|
browsers and operating systems, they are only suitable for testing.**
|
|
|
</div>
|
|
|
</div>
|
|
|
|
|
|
## Certification Authority (CA)
|
|
|
To generate server and client certificates, you need to have CA like certificate to sign these certificates.
|
|
|
You can use pre-generated CA like certificate or generate your own. Pre-generated certificate files `ca.key` and `ca.pem` are placed in [JetConf](https://gitlab.labs.nic.cz/labs/jetconf) repository in `utils/cert_gen` subdirectory.
|
|
|
You can use pre-generated CA like certificate or generate your own. Pre-generated certificate files `ca.key` and `ca.pem` are placed in [JetConf](https://gitlab.labs.nic.cz/labs/jetconf) repository in `utils/cert_gen` subdirectory.
|
|
|
|
|
|
### Generate your own CA like certificate
|
|
|
Make or move to your working directory
|
... | ... | @@ -49,7 +60,7 @@ the provided `gen_server_cert.sh` script. |
|
|
The script can be used in two following ways.
|
|
|
|
|
|
```bash
|
|
|
$ ./gen_server_cert.sh <out_file_suffix> <domain/ip>
|
|
|
$ ./gen_server_cert.sh <out_file_suffix> <domain/ip>
|
|
|
# or
|
|
|
$ ./gen_server_cert.sh <out_file_suffix> <domain/ip> <server_key>
|
|
|
```
|
... | ... | @@ -59,7 +70,7 @@ lets you to pass the private key file as an argument `<server_key>`. |
|
|
The script will autodetect if the certificate is being issued for a domain
|
|
|
name or an IP address `<domain/ip>`, and sets the appropriate SAN value.
|
|
|
|
|
|
**Example**
|
|
|
**Example**
|
|
|
```bash
|
|
|
$ ./gen_server_cert.sh example example.com
|
|
|
```
|
... | ... | |