Overview
Features
Download
Documentation
Community
Add-Ons & Services

Generating SSL Keys/Certs

Please post support and help requests here.

Generating SSL Keys/Certs

Postby qoole » 16 Jun 2009, 11:55

Hi there,

How would I go about creating the required certificates for a simple SSL server/client system?

I cannot find any documentation on this anywhere in your code/docs.
There's not even really enough info needed to tell me what I need to generate that I could look up a howto online.
I'm running Windows and have openssl installed (and have built NetSSL against it.)

Thanks in advance,


Qoole
qoole
 
Posts: 7
Joined: 04 Jun 2009, 17:43

Re: Generating SSL Keys/Certs

Postby guenter » 16 Jun 2009, 13:12

You need to create a private key and a (self-signed) certificate for the server. Both must be in PEM format. There's a How-To on the OpenSSL website that explains the necessary steps: http://www.openssl.org/docs/HOWTO/certificates.txt
guenter
 
Posts: 1138
Joined: 11 Jul 2006, 16:27
Location: Austria

Re: Generating SSL Keys/Certs

Postby qoole » 16 Jun 2009, 16:31

Hi,

Thanks guenter that was all the info I needed. Shame it's not in the source or the docs!
qoole
 
Posts: 7
Joined: 04 Jun 2009, 17:43

Re: Generating SSL Keys/Certs

Postby qoole » 26 Jun 2009, 15:04

Hi again,

Next question,
do I have to supply the same Cert/Priv key for both the server and the client, that seems kind of daft.

Sorry for these newbish questions, SSL is somewhat new to me, from the Development side anyway.

Thanks in advance,

Qoole
qoole
 
Posts: 7
Joined: 04 Jun 2009, 17:43

Re: Generating SSL Keys/Certs

Postby guenter » 26 Jun 2009, 21:50

You need to supply the private key and certificate to the server only, unless you are using certificate-based client authentication.
guenter
 
Posts: 1138
Joined: 11 Jul 2006, 16:27
Location: Austria

Re: Generating SSL Keys/Certs

Postby qoole » 26 Jun 2009, 21:54

How would I go about doing the Cert-Based Auth?
qoole
 
Posts: 7
Joined: 04 Jun 2009, 17:43

Re: Generating SSL Keys/Certs

Postby aderouineau » 02 Jul 2009, 02:39

When creative a secure socket (Poco::Net::SecureServerSocket), you have multiple constructors. The one that would probably interest you the most is SecureServerSocket(
const SocketAddress & address,
int backlog,
Context::Ptr pContext
);

Default value for backlog seems to be 64.

The valuable part is the Context (Poco::Net[SSL]::Context); here's the constructor:

Context(
Usage usage,
const std::string & privateKeyFile,
const std::string & certificateFile,
const std::string & caLocation,
VerificationMode verificationMode = VERIFY_RELAXED,
int verificationDepth = 9,
bool loadDefaultCAs = false,
const std::string & cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
);

For usage you would put: SERVER_USE
You would then provide the certificate and key files of the server.
To establish client certificate-based authentication, you then provide a path to the location of the copies of those client certificates -> caLocation
You can then choose verificationMode to be VERIFY_STRICT for true authentication. Using VERIFY_RELAXED should allow anonymous access (when the client doesn't provide any certificate).
aderouineau
 
Posts: 163
Joined: 18 May 2009, 17:38

Re: Generating SSL Keys/Certs

Postby hitengajjar » 06 Nov 2009, 13:28

I wonder POCO does not have a sample for basic SSLServer and SSLClient application.
Having a tutorial on it will definitely help understand NetSSL library and help new bees like me to write my own full fledged SSL Server and SSL Client applications using POCO.

If you already have any working sample, it will help me in great deal!

Thanks in advance.
hitengajjar
 
Posts: 1
Joined: 06 Nov 2009, 13:22


Return to Support

Who is online

Users browsing this forum: No registered users and 1 guest

cron