Important: Please read the Qt Code of Conduct -

QSslSocket: How generate private key, Local certificate and CaCertificates ?

  • Hi,
    I want to realize a secure connection from a client and a server.
    I'm trying to generate for the Server

    • the Private Key
    • the Local Certificate

    and the CaCertificate for the client.

    Using OpenSLL :

    openssl genrsa -des3 -out CA-key.pem 2048
    openssl req -new -key CA-key.pem -x509 -days 1000 -out CA-cert.pem
    openssl genrsa -des3 -out server-key.pem 2048
    openssl req –new –config openssl.cnf –key server-key.pem –out signingReq.csr
    openssl x509 -req -days 365 -in signingReq.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out server-cert.pem

    After this commands sequence I obtain 6 files:

    On the Server I have something like this :

        QSslSocket *sslSocket = new QSslSocket(this);
        QFile certFile("C:\\mycert\\server-cert.pem");
        sslSocket->setLocalCertificate(certFile.readAll(), QSsl::EncodingFormat::Pem);
        QFile keyFile("C:\\mycert\\server-key.pem");
    QSslCertificate sslCert = QSslKey(keyFile.readAll(), QSsl::KeyAlgorithm::Rsa, QSsl::EncodingFormat::Pem, QSsl::PrivateKey, "123456789");

    On client side :

    QSslSocket sslSocket;

    The first issue is that the sslCert is not valid.

    This call fails:

    QSslCertificate sslCert = QSslKey(keyFile.readAll(), QSsl::KeyAlgorithm::Rsa, QSsl::EncodingFormat::Pem, QSsl::PrivateKey, "123456789");

    Could you help me ?

  • Why do you assign a QSslKey to a QSslCertificate?

  • @parisisal you may want to take a look at this blog post.
    It covers your requirements of creating the self-signed certificate for your server and using the self-signed certificate in a Qt client.

    However, that example is using Apache for the server part, so if you want the server to be a Qt app as well, please look at this other example (it's using a websocketserver, but you'll see how the certificate and key are handled...)

Log in to reply