{"id":21389659,"url":"https://github.com/galaxygorilla/cert_test","last_synced_at":"2025-03-16T12:47:17.194Z","repository":{"id":80582591,"uuid":"394391786","full_name":"GalaxyGorilla/cert_test","owner":"GalaxyGorilla","description":"Tinkering with TLS certificates in Erlang","archived":false,"fork":false,"pushed_at":"2022-01-21T17:24:43.000Z","size":16,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-23T00:41:31.136Z","etag":null,"topics":["certificate","https","openssl","ssl","tls"],"latest_commit_sha":null,"homepage":"","language":"Erlang","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GalaxyGorilla.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-09T18:03:52.000Z","updated_at":"2022-04-01T12:36:15.000Z","dependencies_parsed_at":null,"dependency_job_id":"6f3dcb53-3dee-47fb-a731-0294627348ca","html_url":"https://github.com/GalaxyGorilla/cert_test","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GalaxyGorilla%2Fcert_test","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GalaxyGorilla%2Fcert_test/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GalaxyGorilla%2Fcert_test/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GalaxyGorilla%2Fcert_test/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GalaxyGorilla","
download_url":"https://codeload.github.com/GalaxyGorilla/cert_test/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243871652,"owners_count":20361378,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","https","openssl","ssl","tls"],"created_at":"2024-11-22T12:28:04.582Z","updated_at":"2025-03-16T12:47:17.174Z","avatar_url":"https://github.com/GalaxyGorilla.png","language":"Erlang","funding_links":[],"categories":[],"sub_categories":[],"readme":"cert_test\n=====\n\nAn OTP application for tinkering with TLS certificates using cowboy and gun.\n\nTwo listeners are used:\n\n* Basic TLS, i.e. only server certificates are verified by the client (port 8080)\n* Client authenticated TLS, i.e. client certificates are also verified by the server (port 8081)\n\nStart\n-----\n\n    $ rebar3 shell\n\n    [...]\n\n    1\u003e cert_test_client:req_basic_tls().\n    {ok,\u003c\u003c\"huhu!\"\u003e\u003e}\n\n    2\u003e cert_test_client:req_client_auth_tls().\n    {ok,\u003c\u003c\"huhu!\"\u003e\u003e}\n\n\nCertificates\n------------\n\nThe `priv` folder contains all used certificates and associated private keys. 
Note that there are also\ninvalid certificates for the client and server for tinkering.\n\nFor the sake of documentation, here is how the content in `priv` was generated.\n\nGenerate private keys:\n\n    % openssl ecparam -genkey -name prime256v1 -noout -out example.key\n\nGenerate the CA certificate:\n\n    % openssl req -x509 -sha256 -new -nodes -days 3650 -key CA.key -out CA.crt\n\nYou will be prompted for several fields here; for the CA certificate none of this really matters.\n\nGenerate signed certificates via CSRs (Certificate Signing Requests) for the other keys:\n\n    $ openssl req -new -key example.key -out example.csr\n    $ openssl x509 -req -in example.csr -CA CA.crt -CAkey CA.key -CAcreateserial -days 3650 -sha256 -out example.crt\n\nAgain, you will have to enter information, but this time you need to take care with this line:\n\n    Common Name (eg, fully qualified host name) []: \u003cmy_hostname\u003e\n\nFor the server certificate you can choose e.g. `localhost`.\nThe client performs hostname validation against this attribute.\nFor the client certificate, this line doesn't matter in terms of TLS authentication.\n\nThe `invalid_server.crt` certificate uses `invalid` as hostname and is therefore not accepted by the client.\n\nThe `invalid_client.crt` certificate is self-signed and is therefore not accepted by the server.\n\nYou can also verify your signed certificates against the CA certificate:\n\n    $ openssl verify -verbose -CAfile CA.crt example.crt\n\n\nSpecial case: intermediate CA, the real fun. 
Don't generate certificates as described here for production.\n\nPut this into your shell:\n\n    CONFIG=\"\n    [req]\n    distinguished_name=dn\n    [ dn ]\n    [ ext ]\n    basicConstraints=CA:TRUE,pathlen:0\n    \"\n\nThen sign the CSR using the following command:\n\n    $ openssl x509 -req -extfile \u003c(echo \"$CONFIG\") -in ICA.csr -CA CA.crt -CAkey CA.key -CAcreateserial -days 3650 -sha256 -extensions ext -out ICA.crt\n\nThis adds the `basicConstraints` extension to the certificate to make it CA-capable.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgalaxygorilla%2Fcert_test","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgalaxygorilla%2Fcert_test","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgalaxygorilla%2Fcert_test/lists"}