Example on Certificates

TL;DR

In the recent posts we discussed certificates a bit. Curious to try that suff out? There’s a Docker image for that!

If the recent posts about certificates (Bare-bones Root CA, Bare-bones Web Server and Intermediate CAs are hard!) tickled you, you’re just a docker pull command away from trying all that stuff out. You remember about Try with Docker, do you?

Let’s take a look:

$ docker pull polettix/certificate-example
Using default tag: latest
latest: Pulling from polettix/certificate-example
...
Status: Downloaded newer image for polettix/certificate-example:latest

To avoid any kind of bloat, let’s start the container with option --rm so that the container will be reaped as soon as we will have ended:

$ docker run -it --rm polettix/certificate-example:latest

Now we are inside the container, the first example is in directory simple:

7b38b2c7b269:/app# cd simple
7b38b2c7b269:/app/simple# ls -l
total 12
-rwxr-x--x    1 user     user           427 Feb  2 10:17 root-ca.sh
-rwxr-xr-x    1 user     user           786 Feb  2 10:17 setup.sh
-rwxr-xr-x    1 user     user           121 Feb  2 10:17 start-server.sh
7b38b2c7b269:/app/simple# ./setup.sh 
Generating a RSA private key
...........+++++
...........................................................................................+++++
writing new private key to 'rca.key'
-----
Generating a RSA private key
...................................................................................................................................................................+++++
...................+++++
writing new private key to 'srv.key'
-----
Signature ok
subject=/CN=srv.example.com/C=IT/ST=RM/L=Roma/O=Everish/OU=Server
Getting CA Private Key

Ready. Now:

- run tmux
- <CTRL-B "> to split the terminal in two
- in one half, run `./start-server.sh`
- <CTRL-B DOWN-ARROW> to move onto the other half
- run `curl --cacert rca.crt https://srv.example.com:3000/`

The rest is better executed inside tmux, which is included inside the terminal. Just follow the hints above!

There’s another directory with the example of the… wrong way to do the intermediate CA, just jump into wrong-intermediate and you will know what to do.

Cheers!


Comments? Octodon, , GitHub, Reddit, or drop me a line!