GnuTLS CA Scripts

Project: https://github.com/sskaje/gnutls-ca

GnuTLS CA Scripts by @sskaje: https://sskaje.me/2015/12/gnutls-ca-scripts/

Build GnuTLS 3.4.x on OS X

Mac OS X El Capitan
Xcode
MacPorts: gsed, gawk
GMP: 6.1.0 from https://gmplib.org/
libidn: 1.32 from http://www.gnu.org/software/libidn/
nettle: 3.1 from http://www.lysator.liu.se/~nisse/nettle/
libtasn1: 4.7 from https://www.gnu.org/software/libtasn1/
p11-kit: 0.23.2 from http://p11-glue.freedesktop.org/p11-kit.html
GnuTLS: 3.4.7 from http://www.gnutls.org/
libunbound: 1.5.7 from https://unbound.net
Install path: /opt/gnutls

Build GMP

Build libidn

Build libtasn1

Build nettle

Build p11-kit

Build libunbound

Build GnuTLS

If your GnuTLS is cloned from git, install libtool, autogen, autoconf, and automake,
and configure with --disable-doc

Troubleshooting

Wait……..

Build GnuTLS 3.4.x on OS X by @sskaje: https://sskaje.me/2015/12/build-gnutls-3-4-x-os/

GnuTLS Certificate Authority Commands

Apple has its own certtool; GnuTLS’ certtool is renamed gnutls-certtool in MacPorts.

Create Private Key

GnuTLS

OpenSSL

Create Certificate Request

GnuTLS

You can also create your own template file rather than filling interactively.

OpenSSL

Sign request

GnuTLS

OpenSSL

I don’t like openssl.cnf!

Show certificate information

GnuTLS

OpenSSL

Export as PKCS#12

GnuTLS

OpenSSL

Extract Keys And Certificates from PKCS#12

GnuTLS

I don’t know how…
You can manually copy from --p12-info

OpenSSL

Show PKCS#12 Structure

GnuTLS

OpenSSL

GnuTLS Certificate Authority Commands by @sskaje: https://sskaje.me/2015/12/gnutls-certificate-authority-commands/

Hijack HTTPS over TLS 1.2 without Charles Proxy

TLS 1.2

Charles Proxy 3.9 uses Bouncy Castle 1.4 for SSL/TLS, but TLS 1.2 is not yet supported in bcprov’s latest release (1.51), which is why I got a

on some sites.

I tried to upgrade bcprov.jar, but some incompatibility exceptions were thrown.

To check if an HTTPS site uses TLSv1.2:

Hijack HTTPS over TLS 1.2 without Charles Proxy by @sskaje: https://sskaje.me/2014/09/charles-proxy-tls-1-2/

Generate Certificate with GnuTLS and Sign with OpenSSL

In iOS IPSec VPN Server on Ubuntu, I created a local CA with openssl.
I’m setting up an OpenConnect VPN, which uses GnuTLS’s certtool to generate the CA and sign certificates.

I want to share the same root CA between OpenSSL and GnuTLS, so I’m generating the request with GnuTLS and signing it with OpenSSL.
Apple has its own certtool, different from GnuTLS’s; the MacPorts one is named gnutls-certtool.

Prepare

Create private key

Generate Certificate with GnuTLS and Sign with OpenSSL by @sskaje: https://sskaje.me/2014/02/generate-certificate-gnutls-sign-openssl/
