Mini tutorial for configuring client-side SSL certificates.

Client-side SSL

For excessively paranoid client authentication.

Using a self-signed certificate.

Create a Certificate Authority root (which represents this server)

Organization & Common Name: Some human identifier for this server CA.

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt


Bypassing censorship by using obfsproxy and openVPN, SSH Tunnel | Container of Scribbles

Syrian ISPs are using sophisticated technologies to monitor and filter traffic. These boxes are DPI (Deep Packet Inspection) devices: they inspect every packet flowing through them for specific patterns and give their administrators the option to block traffic that matches these patterns. They do not just filter traffic by source, destination or port; they filter traffic by the content the packets carry.


Convert keys between GnuPG, OpenSsh and OpenSSL – Sysmic.org

OpenSSH to OpenSSL

OpenSSH private keys are directly understandable by OpenSSL. You can test this, for example:

openssl rsa -in ~/.ssh/id_rsa -text
openssl dsa -in ~/.ssh/id_dsa -text

So, you can directly use it to create a certification request:

openssl req -new -key ~/.ssh/id_dsa -out myid.csr

You can also use your SSH key to create a self-signed certificate:

openssl x509 -req -days 3650 -in myid.csr -signkey ~/.ssh/id_rsa -out myid.crt

Note: I have not found how to manipulate an SSH public key with OpenSSL.
