QSslSocket: How to generate private key, Local certificate and CaCertificates?
-
Hi,
I want to realize a secure connection between a client and a server.
I'm trying to generate for the Server:
- the Private Key
- the Local Certificate
and the CaCertificate for the client.
Using OpenSSL:
openssl genrsa -des3 -out CA-key.pem 2048
openssl req -new -key CA-key.pem -x509 -days 1000 -out CA-cert.pem
openssl genrsa -des3 -out server-key.pem 2048
openssl req -new -config openssl.cnf -key server-key.pem -out signingReq.csr
openssl x509 -req -days 365 -in signingReq.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out server-cert.pem
After this command sequence I obtain 6 files:
CA-cert.pem
CA-key.pem
CA-cert.srl
server-cert.pem
server-key.pem
signingReq.csr
On the server I have something like this:
QSslSocket *sslSocket = new QSslSocket(this);
sslSocket->setSocketDescriptor(socketDescriptor);
QFile certFile("C:\\mycert\\server-cert.pem");
sslSocket->setLocalCertificate(certFile.readAll(), QSsl::EncodingFormat::Pem);
QFile keyFile("C:\\mycert\\server-key.pem");
QSslCertificate sslCert = QSslKey(keyFile.readAll(), QSsl::KeyAlgorithm::Rsa, QSsl::EncodingFormat::Pem, QSsl::PrivateKey, "123456789");
sslSocket->setPrivateKey(sslCert);
sslSocket->setProtocol(QSsl::TlsV1_2);
sslSocket->startServerEncryption();
On the client side:
QSslSocket sslSocket;
sslSocket.addCaCertificates(QString("C:\\mycert\\server-cert.pem"));
The first issue is that the sslCert is not valid.
This call fails:
QSslCertificate sslCert = QSslKey(keyFile.readAll(), QSsl::KeyAlgorithm::Rsa, QSsl::EncodingFormat::Pem, QSsl::PrivateKey, "123456789");
Could you help me?
-
@parisisal you may want to take a look at this blog post.
It covers your requirements of creating the self-signed certificate for your server and using the self-signed certificate in a Qt client.
However, that example is using Apache for the server part, so if you want the server to be a Qt app as well, please look at this other example (it's using a websocketserver, but you'll see how the certificate and key are handled...)
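
The command sequence from the question, run non-interactively and followed by the checks worth doing before the files are handed to QSslSocket. This is an added example, not code from either poster. The subject names, the `localhost` SAN and the passphrase (read from the `PKI_PASS` environment variable) are assumptions, and `-aes256` is used in place of `-des3`.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: subject names, the
# "localhost" SAN and the throwaway passphrase. -aes256 replaces the post's -des3.
PKI_PASS="${PKI_PASS:-constructed-demo-passphrase}"; export PKI_PASS

make_pki() {  # $1 = output directory
    mkdir -p "$1" || return 1
    # CA: encrypted key plus self-signed certificate
    openssl genrsa -aes256 -passout env:PKI_PASS -out "$1/CA-key.pem" 2048 2>/dev/null || return 1
    openssl req -new -x509 -key "$1/CA-key.pem" -passin env:PKI_PASS -days 1000 \
        -subj "/CN=Constructed Demo CA" -out "$1/CA-cert.pem" || return 1
    # Server: encrypted key plus signing request
    openssl genrsa -aes256 -passout env:PKI_PASS -out "$1/server-key.pem" 2048 2>/dev/null || return 1
    openssl req -new -key "$1/server-key.pem" -passin env:PKI_PASS \
        -subj "/CN=localhost" -out "$1/signingReq.csr" || return 1
    # CA signs the request; the SAN carries the name clients will connect to
    printf 'subjectAltName=DNS:localhost\n' > "$1/san.ext"
    openssl x509 -req -days 365 -in "$1/signingReq.csr" -CA "$1/CA-cert.pem" \
        -CAkey "$1/CA-key.pem" -passin env:PKI_PASS -CAcreateserial \
        -extfile "$1/san.ext" -out "$1/server-cert.pem" 2>/dev/null
}

chain_ok() {  # server certificate must verify with only the CA certificate trusted
    openssl verify -CAfile "$1/CA-cert.pem" "$1/server-cert.pem" >/dev/null 2>&1
}

key_matches_cert() {  # public key derived from the private key equals the one in the cert
    k=$(openssl pkey -in "$1/server-key.pem" -passin env:PKI_PASS -pubout 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$1/server-cert.pem" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

has_san() {  # the issued certificate carries the expected DNS name
    openssl x509 -in "$1/server-cert.pem" -noout -text | grep -q 'DNS:localhost'
}

# Demo run in a temporary directory
demo=$(mktemp -d) && make_pki "$demo" && chain_ok "$demo" && key_matches_cert "$demo" \
    && has_san "$demo" && echo "ok: $demo"
```

`key_matches_cert` also fails when `PKI_PASS` is not the passphrase the key was encrypted with, so it doubles as a passphrase check.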