-rw-r--r-- README.ssl 88
1 files changed, 84 insertions, 4 deletions
diff --git a/README.ssl b/README.ssl
index 5bea839..1c9b138 100644
--- a/README.ssl
+++ b/README.ssl
@@ -1,10 +1,90 @@
-$Id: README.ssl,v 1.1 2006/11/29 11:31:36 m0gg Exp $
+$Id: README.ssl,v 1.2 2006/11/29 12:47:44 m0gg Exp $
===============================================================================
-How to use SSL with nanohttp/csoap
+How to use SSL with nanoHTTP/cSOAP
1. Simple key generation
2. Generate a key with a certificate
- 3. Commandline arguments for startup
- 4. Howto hide the password
+ 3. Generate a certification authority
+ 3.1 Create the directory structure
+ 3.2 Generate the CA key
+ 3.3 Sign a certification request
+ 4. Commandline arguments at startup
+ 5. Howto hide the password
+ 6. What else?
+
+1. Simple key generation
+
+ $ openssl req -nodes -days 1825 -subj "/CN=`hostname`" -newkey rsa:1024 -keyout sslkey.pem -out sslreq.pem
+
+2. Generate a key with a certificate
+
+2.1. Create a key and a certification request as in 1.
+2.2. Post the sslreq.pem to your favorite CA
+2.3. Join your key with the certificate from yout CA
+ $ cat ssl.cert >> sslkey.pem
+
+3. Generate a certification authority
+
+3.1 Create the directory structure
+
+ $ mkdir ca
+ $ echo '01' > $1 ca/serial
+ $ touch ca/index.txt
+ $ mkdir ca/crl
+ $ mkdir ca/newcerts
+ $ mkdir ca/private
+ $ chmod 700 ca/private
+
+3.2 Generate the CA key
+
+ $ openssl req -x509 -nodes -days 1826 -subj "/CN=myCa" -newkey rsa:1024 -keyout ca/private/cakey.pem -out ca/cacert.pem
+
+3.3 Sign a certification request
+
+ $ openssl ca -in sslreq.pem -out ssl.cert
+
+4. Commandline arguments at startup
+
+-NHTTPS Enable https protocol in the nanoHTTP server
+
+-NHTTPcert CERTfile A file containing a certificate chain from file. The
+ certificates must be in PEM format and must be sorted
+ starting with the subject's certificate (actual client
+ or server certificate), followed by intermediate CA
+ certificates if applicable, and ending at the highest
+ level (root) CA.
+
+-NHTTPcertpass password The password to be used during decryption of the
+ certificate.
+
+-NHTTPCA CAfile File pointing to a file of CA certificates in PEM
+ format. The file can contain several CA certificates
+ identified by
+
+ -----BEGIN CERTIFICATE-----
+ ... (CA certificate in base64 encoding) ...
+ -----END CERTIFICATE-----
+
+ sequences. Before, between, and after the certificates
+ text is allowed which can be used e.g. for descriptions
+ of the certificates.
+
+5. Howto hide the password
+
+You can use the following functions before calling httpd_init, httpc_init and
+accordingly soap_server_init, soap_client_init. The are roughly the same then the
+commandline versions.
+
+ - hssl_enable(void)
+ - hssl_set_certificate(const char *CERTfile)
+ - hssl_set_certpass(const char *pass)
+ - hssl_set_ca(const char *CAfile)
+
+NOTE: If you use this functions an specify the commandline arguments, thenn the
+commandline arguments take precedence.
+
+6. What else?
+
+ - int hssl_enabled(void)
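
Review bot: Sections 1 and 3.2 both generate keys with "-nodes" and "-newkey rsa:1024", so the server key and the CA key in ca/private/cakey.pem are written unencrypted and at 1024 bits; I would use at least rsa:2048 and drop -nodes for the CA key, and then say in section 4 that -NHTTPcertpass is only needed when the key file is passphrase-protected. In 3.1, "echo '01' > $1 ca/serial" redirects to $1 instead of ca/serial; it should read "echo '01' > ca/serial". In 3.3, "openssl ca -in sslreq.pem -out ssl.cert" passes no -config, -cert or -keyfile, so it only works if the active openssl.cnf already points at the ca/ layout created in 3.1; please state which config is expected or show the flags. Section 5 is titled "Howto hide the password", but hssl_set_certpass(const char *pass) only moves the password from the command line into the program, and the NOTE says command-line arguments still take precedence; the text should say where the caller is expected to obtain the password. Section 6 lists hssl_enabled with no description of what it returns. Typos to fix while here: "yout", "The are", "then the", "this functions an specify", "thenn".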