Categories
PKI Projects, Research

GnuTLS CA Scripts

By @sskaje
Link: https://sskaje.me/2015/12/gnutls-ca-scripts/

Project: https://github.com/sskaje/gnutls-ca

Categories
OS X

Build GnuTLS 3.4.x on OS X

By @sskaje
Link: https://sskaje.me/2015/12/build-gnutls-3-4-x-os/

Mac OS X El Capitan
Xcode
MacPorts: gsed, gawk
GMP: 6.1.0 from https://gmplib.org/
libidn: 1.32 from http://www.gnu.org/software/libidn/
nettle: 3.1 from http://www.lysator.liu.se/~nisse/nettle/
libtasn1: 4.7 https://www.gnu.org/software/libtasn1/
p11-kit: 0.23.2 from http://p11-glue.freedesktop.org/p11-kit.html
GnuTLS: 3.4.7 from http://www.gnutls.org/
libunbound: 1.5.7 from https://unbound.net
Install path: /opt/gnutls

Build GMP

Build libidn

Build libtasn1

Build nettle

Build p11-kit

Build libunbound

Build GnuTLS

If your GnuTLS is cloned from git, install libtool, autogen, autoconf and automake,
and configure with --disable-doc

Troubleshooting

Wait……..


Categories
PKI

GnuTLS Certificate Authority Commands

By @sskaje
Link: https://sskaje.me/2015/12/gnutls-certificate-authority-commands/

Apple has its own certtool; GnuTLS's certtool is renamed gnutls-certtool in MacPorts.

Create Private Key

GnuTLS

OpenSSL

Create Certificate Request

GnuTLS

You can also create your own template file rather than filling interactively.

OpenSSL

Sign request

GnuTLS

OpenSSL

I don’t like openssl.cnf!

Show certificate information

GnuTLS

OpenSSL

Export as a PKCS#12

GnuTLS

OpenSSL

Extract Keys And Certificates from PKCS#12

GnuTLS

I don’t know how…
You can manually copy from --p12-info

OpenSSL

Show PKCS#12 Structure

GnuTLS

OpenSSL


Categories
Miscellaneous

Hijack HTTPS over TLS 1.2 without Charles Proxy

By @sskaje
Link: https://sskaje.me/2014/09/charles-proxy-tls-1-2/

TLS 1.2

Charles Proxy 3.9 uses bouncycastle 1.4 for SSL/TLS, but TLS 1.2 is not yet supported in bcprov’s latest release (1.51); that’s why I got a

on some sites.

I tried to upgrade bcprov.jar, but some incompatible exceptions were thrown.

To check if an HTTPS site uses TLSv1.2:


Categories
OS X PKI Study and Research Notes

Generate Certificate with GnuTLS and Sign with OpenSSL

By @sskaje
Link: https://sskaje.me/2014/02/generate-certificate-gnutls-sign-openssl/

In iOS IPSec VPN Server on Ubuntu, I create a local CA with openssl.
I’m setting up an OpenConnect VPN, which uses GnuTLS’s certtool to generate the CA and sign certificates.

I want to share the same Root CA for both OpenSSL and GnuTLS, so I’m generating the request from GnuTLS and signing with OpenSSL.
Apple has its own certtool, different from GnuTLS’s; the MacPorts one is named gnutls-certtool.

Prepare

Create private key
