$Id: README.ssl,v 1.3 2006/12/10 12:23:40 m0gg Exp $
===============================================================================
How to use SSL with nanoHTTP/cSOAP

  1. Simple key generation
  2. Generate a key with a certificate
  3. Generate a certification authority
     3.1 Create the directory structure
     3.2 Generate the CA key
     3.3 Sign a certification request
  4. Commandline arguments at startup
  5. How to hide the password
  6. What else?

1. Simple key generation

   $ openssl req -nodes -days 1825 -subj "/CN=`hostname`" -newkey rsa:1024 -keyout sslkey.pem -out sslreq.pem

2. Generate a key with a certificate

   2.1. Create a key and a certification request as in 1.
   2.2. Post the sslreq.pem to your favorite CA
   2.3. Join your key with the certificate from your CA

   $ cat ssl.cert >> sslkey.pem

3. Generate a certification authority

3.1 Create the directory structure

   $ mkdir ca
   $ echo '01' > ca/serial
   $ touch ca/index.txt
   $ mkdir ca/crl
   $ mkdir ca/newcerts
   $ mkdir ca/private
   $ chmod 700 ca/private

3.2 Generate the CA key

   $ openssl req -x509 -nodes -days 1826 -subj "/CN=myCa" -newkey rsa:1024 -keyout ca/private/cakey.pem -out ca/cacert.pem

3.3 Sign a certification request

   $ openssl ca -in sslreq.pem -out ssl.cert

4. Commandline arguments at startup

   -NHTTPS                   Enable https protocol in the nanoHTTP server

   -NHTTPcert CERTfile       A file containing a certificate chain. The
                             certificates must be in PEM format and must be
                             sorted starting with the subject's certificate
                             (actual client or server certificate), followed
                             by intermediate CA certificates if applicable,
                             and ending at the highest level (root) CA.

   -NHTTPcertpass password   The password to be used during decryption of the
                             certificate.

   -NHTTPCA CAfile           A file of CA certificates in PEM format. The file
                             can contain several CA certificates identified by

                             -----BEGIN CERTIFICATE-----
                             ... (CA certificate in base64 encoding) ...
                             -----END CERTIFICATE-----

                             sequences. Text is allowed before, between, and
                             after the certificates; it can be used e.g. for
                             descriptions of the certificates.
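
A check that can be run on a file before passing it to -NHTTPcert or -NHTTPCA, given here as an added example that is not part of nanoHTTP/cSOAP: it counts the PEM blocks, tolerates free text around them, rejects truncated blocks, and reports whether a private key in the file is encrypted. The function name pem_inventory and the sample file are constructed for illustration, and the example assumes that the -NHTTPcertpass password applies to an encrypted private key stored in CERTfile.

```shell
#!/bin/sh
# Added example: count the PEM blocks in a file meant for -NHTTPcert or -NHTTPCA.
# Prints "keys=N encrypted=N certs=N"; returns 1 on an unbalanced BEGIN/END pair.
pem_inventory() {
    awk '
    /^-----BEGIN [A-Z0-9 ]+-----$/ {
        if (cur != "") { bad = 1; exit }        # BEGIN inside an open block
        cur = $0
        sub(/^-----BEGIN /, "", cur); sub(/-----$/, "", cur)
        if (cur == "CERTIFICATE") certs++
        else if (cur ~ /PRIVATE KEY$/) {
            keys++
            if (cur == "ENCRYPTED PRIVATE KEY") enc++    # PKCS#8 encrypted key
        }
        next
    }
    /^-----END [A-Z0-9 ]+-----$/ {
        label = $0
        sub(/^-----END /, "", label); sub(/-----$/, "", label)
        if (label != cur) { bad = 1; exit }     # END that matches no open BEGIN
        cur = ""
        next
    }
    # Traditional encrypted key: marker header inside the key block.
    cur ~ /PRIVATE KEY$/ && /^Proc-Type: 4,ENCRYPTED/ { enc++ }
    END {
        if (bad || cur != "") exit 1            # truncated or interleaved blocks
        printf "keys=%d encrypted=%d certs=%d\n", keys, enc, certs
    }' "$1"
}

# Constructed sample (placeholder base64, no real key material): the layout that
# "cat ssl.cert >> sslkey.pem" produces, with a line of free text between blocks.
sample=$(mktemp)
cat > "$sample" <<'EOF'
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END PRIVATE KEY-----
Certificate for this host, signed by myCa
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
EOF
pem_inventory "$sample"                         # keys=1 encrypted=0 certs=1

# Same file cut off after six lines: the certificate block has no END line.
head -n 6 "$sample" > "$sample.cut"
pem_inventory "$sample.cut" || echo "unbalanced PEM block in $sample.cut"
```

A result of encrypted=0 for a file that holds a key means the key is stored in the clear, as it is when generated with -nodes, so the file's permissions are its only protection.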

5. How to hide the password

You can call the following functions before calling httpd_init or httpc_init
(and, accordingly, soap_server_init or soap_client_init). They are roughly the
same as the commandline versions.

   - hssl_enable(void)
   - hssl_set_certificate(const char *CERTfile)
   - hssl_set_certpass(const char *pass)
   - hssl_set_ca(const char *CAfile)

NOTE: If you use these functions and also specify the commandline arguments,
then the commandline arguments take precedence.

6. What else?

   - int hssl_enabled(void)