Weekend fun project - OpenSSL based MiniCA in C
Daniel Nashed – 20 November 2021 21:57:25
Finally I found the time to look into adding a simple web-server component to my OpenSSL based tool written in C. The tool is my personal Swiss army knife for certificate conversion and many other options.
This includes a MicroCA I am using to generate RSA and ECDSA based certs.
The missing component was a request option. Now I can post a CSR and get a certificate including the intermediate back.
And because all other components are already written with OpenSSL and the C interface, I added a very basic web server component with TLS and client certificate authentication.
After testing with testssl.sh locally I put it up on the web and checked with ssllabs.
Compiled and running on CentOS 8 Stream and OpenSSL 3.0 with a wildcard ECDSA key/cert created via Domino CertMgr with Let's Encrypt.
nshcertool isn't really available; it is more my test tool that I use in different projects.
I also wrote this as a sandbox for all kinds of OpenSSL functionality.
It's less cryptic than the OpenSSL command line, but still a complex command-line tool.
It took a while to find out all the different options and functions needed on OpenSSL for a mini web-server.
But once I figured it out, it is kind of cool to also understand how web-servers use TLS.
-- Daniel