Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed


    Weekend fun project - OpenSSL based MiniCA in C

    Daniel Nashed  20 November 2021 21:57:25
    Finally I found the time to look into adding a simple web-server component to my OpenSSL based tool written in C.

    The tool is my personal Swiss army knife for certificate conversion and many other options.
    This includes a MicroCA I am using to generate RSA and ECDSA based certs.

    The missing component was request option. Now I can post a CSR and get a certificate including intermediate back.
    And because all other components are already written with OpenSSL and the C interface, I added very basic web server component with TLS and client certificate authentication.

    After testing with locally I put it up on the web and checked with ssllabs.
    Compiled and running on CentOS 8 Stream and OpenSSL 3.0 with a wildcard ECDSA key/cert created via Domino CertMgr with Let's Encrypt.

    nshcertool isn't really available and more my test tool I use in different projects.
    I wrote this also as a sandbox for all kind of OpenSSL functionality.
    It's less cryptic then the OpenSSL command line, but still a complex command-line tool.

    It took a while to find out all the different options and functions needed on OpenSSL for a mini web-server.
    But once figured it out, it is kind of cool also to understand how web-servers use TLS.

    -- Daniel

    Image:Weekend fun project - OpenSSL based MiniCA in C
    No Comments Found



      • [HCL Domino]
      • [Domino on Linux]
      • [Nash!Com]
      • [Daniel Nashed]