How to make browser trust localhost SSL certificate? [closed]

tl;dr Generate a certificate issued by own CA (see the script below) Here’s what I’ve found. Correct me where I’m wrong. There are CA’s (certificate authorities). They issue certificates (sign CSR’s) for other CA’s (intermediate CA’s), or servers (end entity certificates). Some of them are root authorities. They have self-signed certificates, issued by themselves. That … Read more

Cross Compile OpenSSH for ARM

To cross compile openSHH for ARM (in my case a mini2440) I did following: Install arm cross compiler – (eg. what is arm-linux-gcc and how to install this in ubuntu) Download: Zlib OpenSSL OpenSSH Build Zlib: cd zlib-1.2.7 CC=arm-linux-gnueabi-gcc ./configure –prefix=$HOME/zlibArm make make install Build OpenSSL: export cross=arm-linux-gnueabi- cd openssl-1.0.1c ./Configure dist –prefix=$HOME/opensslArm make CC=”${cross}gcc” … Read more

When was TLS 1.2 support added to OpenSSL?

On the official changelog page you provided, under Changes between 1.0.0h and 1.0.1 [14 Mar 2012] you can see Initial TLS v1.2 support. *) Add TLS v1.2 server support for client authentication. [Steve Henson] *) Add TLS v1.2 client side support for client authentication. Keep cache of handshake records longer as we don’t know the … Read more

How do I get Visual Studio Code to trust our self-signed proxy certificate?

This is a terrible answer (not very secure), but appears to be the current Microsoft official answer. Use “http.proxyStrictSSL”: false in your settings.json file. This should work to get around the issue of installing extensions inside a corporate network, but I’d recommend disabling the setting if you are going to be working from home/coffee shop … Read more

Creating a .p12 file

The openssl documentation says that file supplied as the -in argument must be in PEM format. Turns out that, contrary to the CA’s manual, the certificate returned by the CA which I stored in myCert.cer is not PEM format rather it is PKCS7. In order to create my .p12, I had to first convert the … Read more

How to convert an ECDSA key to PEM format

You are claiming your raw key is in OpenSSL’s DER format, which it isn’t. Also you are claming a private key is a public key, which it isn’t, and claiming it’s password-encrypted which is wrong either way: public keys are never encrypted and private keys in OpenSSL’s ‘traditional’ aka ‘legacy’ algorithm-specific DER formats (for ECC, … Read more

How to create public and private key with openssl?

You can generate a public-private keypair with the genrsa context (the last number is the keylength in bits): openssl genrsa -out keypair.pem 2048 To extract the public part, use the rsa context: openssl rsa -in keypair.pem -pubout -out publickey.crt Finally, convert the original keypair to PKCS#8 format with the pkcs8 context: openssl pkcs8 -topk8 -inform … Read more

Convert pem key to ssh-rsa format

No need to compile stuff. You can do the same with ssh-keygen: ssh-keygen -f -i will read the public key in openssl format from and output it in OpenSSH format. Note: In some cases you will need to specify the input format: ssh-keygen -f -i -mPKCS8 From the ssh-keygen docs (From man … Read more