Problem with certificates
2014-06-02, 13:08
(This post was last modified: 2014-06-02 13:11 by welty.)
Post: #4
RE: Problem with certificates
Hello!

Thanks for the quick answer! I think I use TLS V1 because of:

```
[Mon Jun 02 13:55:00.445305 2014] [ssl:debug] [pid 26578] ssl_engine_kernel.c(1846): [client 172.29.40.129:42572] AH02041: Protocol: TLSv1, Cipher: ECDHE-RSA-AES256-SHA (256/256 bits)
```

with a wget client (not iPXE):

```
wget --no-check-certificate --private-key=client.key --verbose --ca-certificate=ca.crt --certificate=client.crt https://m2-mn/file
```

The command line used to generate the binary is:

```
make DEBUG=tls bin/undionly.kpxe CERT=/diskless/certs/client.crt,/diskless/certs/ca.crt TRUST=/diskless/certs/ca.crt
```

I generate the certificates with this script (thanks to another post on this forum!):

```bash
#!/bin/bash
CERT_DIR=/diskless/certs
cd "$CERT_DIR" || exit 1

# start from a clean CA database and signed/ directory
rm -rf signed/ ca.idx ca.idx.attr ca.idx.attr.old ca.idx.old
rm -f sslpass
# two lines on purpose: when -passin and -passout name the same file, openssl
# reads the first line as the input password and the second as the output one
echo pass >> sslpass
echo pass >> sslpass

echo
echo ============================================================================
echo
echo ' Creating CA Certificate'
echo
echo ============================================================================
echo

# CREATE ROOT Certificate
openssl req -x509 -newkey rsa:2048 -out ca.crt -keyout ca.key -days 3650 \
  -subj "/C=FR/ST=Isere/L=Grenoble/O=B/CN=diskless" \
  -passin file:sslpass -passout file:sslpass

echo
echo ============================================================================
echo
echo ' Creating SERVER Certificate'
echo
echo ============================================================================
echo

# configuration for 'openssl ca' (written fresh each run; appending with >>
# would pile up duplicate sections on every rerun)
cat << EOF > ca.cnf
[ ca ]
default_ca = ca_default

[ ca_default ]
certificate = ca.crt
private_key = ca.key
serial = ca.srl
database = ca.idx
new_certs_dir = signed
default_md = default
policy = policy_anything
preserve = yes
default_days = 90
unique_subject = no

[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional

[ cross ]
basicConstraints = critical,CA:true
keyUsage = critical,cRLSign,keyCertSign

[ codesigning ]
keyUsage = digitalSignature
extendedKeyUsage = codeSigning
EOF

echo 01 > ca.srl
touch ca.idx
mkdir signed

# CREATE Certificate
openssl req -newkey rsa:2048 -keyout server.key -out server.req \
  -subj "/C=FR/ST=Isere/L=Grenoble/O=Bull/CN=m2-mn" \
  -passin file:sslpass -passout file:sslpass
# SIGN Certificate using CA Certificate
openssl ca -config ca.cnf -in server.req -out server.crt \
  -passin file:sslpass -batch

echo
echo ============================================================================
echo
echo ' Creating CODE SIGN Certificate'
echo
echo ============================================================================
echo

# CREATE Certificate
openssl req -newkey rsa:2048 -keyout codesign.key -out codesign.req \
  -subj "/C=FR/ST=Isere/L=Grenoble/O=Bull/CN=m2-mn" \
  -passin file:sslpass -passout file:sslpass
# SIGN Certificate using CA Certificate, adding the [ codesigning ] extensions
openssl ca -config ca.cnf -extensions codesigning -in codesign.req -out codesign.crt \
  -passin file:sslpass -batch

echo
echo ============================================================================
echo
echo ' Creating CLIENT Certificate'
echo
echo ============================================================================
echo

# CREATE Certificate
openssl req -newkey rsa:2048 -keyout client.key -out client.req \
  -subj "/C=FR/ST=Isere/L=Grenoble/O=B/CN=m44-mn" \
  -passin file:sslpass -passout file:sslpass
# SIGN Certificate using CA Certificate
openssl ca -config ca.cnf -in client.req -out client.crt \
  -passin file:sslpass -batch

echo
echo ============================================================================
echo
echo ' Removing Passwords'
echo
echo ============================================================================
echo

# strip the passphrase from each private key; the encrypted original stays as *.key.org
cp ca.key ca.key.org
openssl rsa -in ca.key.org -out ca.key \
  -passin file:sslpass
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key \
  -passin file:sslpass
cp client.key client.key.org
openssl rsa -in client.key.org -out client.key \
  -passin file:sslpass
cp codesign.key codesign.key.org
openssl rsa -in codesign.key.org -out codesign.key \
  -passin file:sslpass
```

Thanks a lot for your help!

Regards,
Benoit
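The checks below are an added example for readers of this thread; they are not code from Benoit's post or from the iPXE project. They cover what the wget test above cannot tell you, because `--no-check-certificate` switches off server certificate verification: whether each leaf actually chains to the CA that `TRUST=` will embed, whether the server certificate's CN matches the host in the boot URL, how long the certificates stay valid, whether the code-signing certificate really carries the codeSigning EKU, and whether each private key belongs to its certificate. The script assumes only the openssl CLI (1.1.1 or later, for `x509 -ext`). The PKI it checks is constructed in a temporary directory with names taken from the post (CN=m2-mn, CN=m44-mn) so that it runs offline; the function names are this example's own, and on a real setup you would point them at the files in /diskless/certs instead.

```shell
#!/bin/bash
# Added example, not code from the original post or from iPXE. Checks worth
# running on a certificate set produced the way the poster's script does it,
# before building an image with CERT=... TRUST=... . Assumes only the openssl
# CLI (1.1.1+). A throwaway PKI with constructed names is generated in a temp
# dir so the script runs offline.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed test PKI. Leaves are signed with 'x509 -req' instead of 'openssl
# ca' to skip the index/serial bookkeeping; the CA extensions are the same as
# the [ cross ] section of the post's ca.cnf. A self-contained req config is
# used so the result does not depend on the system openssl.cnf.
make_test_pki() {
  local d="$1" f cn
  printf '[req]\ndistinguished_name = dn\nx509_extensions = v3_ca\n[dn]\n[v3_ca]\n' > "$d/req.cnf"
  printf 'basicConstraints = critical,CA:TRUE\nkeyUsage = critical,cRLSign,keyCertSign\n' >> "$d/req.cnf"
  openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 3650 \
    -keyout "$d/ca.key" -out "$d/ca.crt" -subj "/C=FR/O=B/CN=diskless" 2>/dev/null
  # server cert for the boot host, client cert for the booting machine
  for pair in server:m2-mn client:m44-mn; do
    f="${pair%%:*}"; cn="${pair##*:}"
    openssl req -config "$d/req.cnf" -newkey rsa:2048 -nodes -keyout "$d/$f.key" \
      -out "$d/$f.req" -subj "/C=FR/O=B/CN=$cn" 2>/dev/null
    openssl x509 -req -in "$d/$f.req" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
      -CAcreateserial -days 90 -out "$d/$f.crt" 2>/dev/null
  done
  # code-signing cert: same, plus the EKU from the post's [ codesigning ] section
  printf 'extendedKeyUsage = codeSigning\n' > "$d/codesign.ext"
  openssl req -config "$d/req.cnf" -newkey rsa:2048 -nodes -keyout "$d/codesign.key" \
    -out "$d/codesign.req" -subj "/C=FR/O=B/CN=m2-mn" 2>/dev/null
  openssl x509 -req -in "$d/codesign.req" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 90 -extfile "$d/codesign.ext" -out "$d/codesign.crt" 2>/dev/null
  # rogue cert: right name, but self-signed, so it must fail the chain check
  openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 90 \
    -keyout "$d/rogue.key" -out "$d/rogue.crt" -subj "/CN=m2-mn" 2>/dev/null
}

# 1. Does the leaf chain to the CA that TRUST= will embed?   chains_to_ca ca.crt leaf.crt
chains_to_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# 2. Subject CN, which is what gets compared with the host part of https://m2-mn/file
cert_cn() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed -n 's/.*CN=\([^,]*\).*/\1/p'; }
cn_matches_host() { [ "$(cert_cn "$1")" = "$2" ]; }       # cn_matches_host leaf.crt hostname

# 3. Still valid N days from now? (-checkend is portable across openssl versions)
#    The post's ca.cnf has default_days = 90, so an image built with such certs
#    stops booting three months later.
valid_for_days() { openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null; }

# 4. Does the cert carry the codeSigning extended key usage?
has_codesigning_eku() { openssl x509 -in "$1" -noout -ext extendedKeyUsage 2>/dev/null | grep -q 'Code Signing'; }

# 5. Does the private key belong to the certificate? (catches mixed-up .key files)
key_matches_cert() { [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]; }

make_test_pki "$WORK"
for leaf in server client codesign rogue; do
  if chains_to_ca "$WORK/ca.crt" "$WORK/$leaf.crt"; then verdict="chains to ca.crt"; else verdict="NOT signed by ca.crt"; fi
  printf '%-13s CN=%-8s %s\n' "$leaf.crt" "$(cert_cn "$WORK/$leaf.crt")" "$verdict"
done
```

The rogue certificate is there to show that a matching CN alone proves nothing: it carries CN=m2-mn yet fails check 1, which is exactly the case that `wget --no-check-certificate` would wave through. Run the same functions against the real ca.crt, server.crt, client.crt and codesign.crt before pointing `CERT=`/`TRUST=` at them.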