Differences

This shows you the differences between two versions of the page.

--- linux:ssl [2024/08/03 23:19] – [Linux SSL] admin
+++ linux:ssl [2024/11/09 13:13] (current) – [SSl certificates] admin
@@ Line 6: / Line 6: @@
   * https://medium.com/@seabro/how-to-create-selfsigned-ca-and-custom-wildcard-ssl-certificate-1112ed2080f7
+===== SSl certificates =====
+<code BASH>
+# Example get and install https://discuss.elastic.co/t/error-response-from-daemon-get-https-docker-elastic-co-v2-x509-certificate-signed-by-unknown-authority/281754
+curl --trace - https://docker.elastic.co:443
+cd ~
+openssl s_client -showcerts -connect www.domain.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >domain.com.crt
+sudo cp domain.com.crt /usr/local/share/ca-certificates
+sudo update-ca-certificates
+</code>
+<code BASH>
+openssl s_client -connect bot.ip2u.ru:4443 -showcerts
+openssl s_client -showcerts -connect www.domain.com:443
+openssl s_client -showcerts -connect bot.ip2u.ru:4443 </dev/null 2>/dev/null|openssl x509 -outform PEM >ip2u_ru.crt
+cat ./ip2u_ru.crt
+sudo cp ./ip2u_ru.crt /usr/local/share/ca-certificates/ip2u.ru.crt
+sudo update-ca-certificates
+openssl s_client -showcerts -connect bot.ip2u.ru:4443
+openssl s_client -CAfile ./ip2u_ru.crt -connect bot.ip2u.ru:4443
+curl --verbose  bot.ip2u.ru:4443
+</code>
 ===== Linux SSL key managment  =====
   * update ca certificate on ubuntu  https://www.dmosk.ru/miniinstruktions.php?mini=root-ca-linux
@@ Line 13: / Line 35: @@
   * https://github.com/smallstep/cli#installation-guide - pki script managment
   * https://github.com/OpenVPN/easy-rsa asy-rsa is a CLI utility to build and manage a PKI CA
+===== Linux MTLS =====
+https://get.localhost.direct/ \\
+  * https://victoronsoftware.com/posts/mtls/
+  * https://smallstep.com/hello-mtls/doc/server/nginx - cert auth nginx
+  * https://www.dmosk.ru/miniinstruktions.php?mini=nginx-mtls#client
 ===== OpenSSL key manipulating =====