QSslSocket: How to generate private key, Local certificate and CaCertificates?



  • Hi,
    I want to set up a secure connection between a client and a server.
    I'm trying to generate, for the server,

    • the Private Key
    • the Local Certificate

    and the CaCertificate for the client.

    Using OpenSSL:

    openssl genrsa -des3 -out CA-key.pem 2048
    openssl req -new -key CA-key.pem -x509 -days 1000 -out CA-cert.pem
    openssl genrsa -des3 -out server-key.pem 2048
    openssl req -new -config openssl.cnf -key server-key.pem -out signingReq.csr
    openssl x509 -req -days 365 -in signingReq.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out server-cert.pem

    After this sequence of commands I obtain 6 files:
    CA-cert.pem
    CA-key.pem
    CA-cert.srl
    server-cert.pem
    server-key.pem
    signingReq.csr

    On the server I have something like this:

        QSslSocket *sslSocket = new QSslSocket(this);
        sslSocket->setSocketDescriptor(socketDescriptor);
        QFile certFile("C:\\mycert\\server-cert.pem");
        sslSocket->setLocalCertificate(certFile.readAll(), QSsl::EncodingFormat::Pem);
        QFile keyFile("C:\\mycert\\server-key.pem");
        QSslCertificate sslCert = QSslKey(keyFile.readAll(), QSsl::KeyAlgorithm::Rsa, QSsl::EncodingFormat::Pem, QSsl::PrivateKey, "123456789");
        sslSocket->setPrivateKey(sslCert);
        sslSocket->setProtocol(QSsl::TlsV1_2);
        sslSocket->startServerEncryption();
    

    On the client side:

        QSslSocket sslSocket;
        sslSocket.addCaCertificates(QString("C:\\mycert\\server-cert.pem"));
    

    The first issue is that the sslCert is not valid.

    This call fails:

        QSslCertificate sslCert = QSslKey(keyFile.readAll(), QSsl::KeyAlgorithm::Rsa, QSsl::EncodingFormat::Pem, QSsl::PrivateKey, "123456789");
    

    Could you help me?



  • Why do you assign a QSslKey to a QSslCertificate?



  • @parisisal you may want to take a look at this blog post.
    It covers your requirements of creating the self-signed certificate for your server and using the self-signed certificate in a Qt client.

    However, that example is using Apache for the server part, so if you want the server to be a Qt app as well, please look at this other example (it's using a websocketserver, but you'll see how the certificate and key are handled...)
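
The OpenSSL sequence from the question, made non-interactive and followed by two consistency checks (server-cert.pem chains to CA-cert.pem, and server-key.pem is the key behind server-cert.pem); this is an added example, not part of the original thread. Assumptions: the subjects, passphrases and function names are constructed placeholders, `-aes256` is used in place of `-des3`, and `-subj` replaces the `-config openssl.cnf` prompt answers.

```shell
#!/bin/sh
# Added example. Passphrases and subjects are constructed placeholders.
CA_PASS='example-ca-pass'        # assumption: not a value from the thread
SRV_PASS='example-server-pass'   # assumption: not a value from the thread

# Build CA key/cert, server key, CSR and CA-signed server cert in directory $1.
make_pki() {
    ( cd "$1" &&
      openssl genrsa -aes256 -passout "pass:$CA_PASS" -out CA-key.pem 2048 &&
      openssl req -new -x509 -days 1000 -key CA-key.pem \
          -passin "pass:$CA_PASS" -subj "/CN=Example Test CA" -out CA-cert.pem &&
      openssl genrsa -aes256 -passout "pass:$SRV_PASS" -out server-key.pem 2048 &&
      openssl req -new -key server-key.pem -passin "pass:$SRV_PASS" \
          -subj "/CN=server.example.test" -out signingReq.csr &&
      openssl x509 -req -days 365 -in signingReq.csr -CA CA-cert.pem \
          -CAkey CA-key.pem -passin "pass:$CA_PASS" -CAcreateserial \
          -out server-cert.pem
    ) >/dev/null 2>&1
}

# Succeeds only if certificate $2 verifies against trust anchor $1.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if server-key.pem in directory $1 (passphrase $2) holds the
# private half of the public key embedded in server-cert.pem.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/server-cert.pem" -pubkey -noout) || return 1
    key_pub=$(openssl pkey -in "$1/server-key.pem" -passin "pass:$2" \
        -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Stand-alone run: build everything in a scratch directory and check it.
dir=$(mktemp -d) && make_pki "$dir" &&
    chain_ok "$dir/CA-cert.pem" "$dir/server-cert.pem" &&
    key_matches_cert "$dir" "$SRV_PASS" &&
    echo "server cert chains to CA and matches server key ($dir)"
```

Of the generated files, only CA-cert.pem needs to reach the client; both key files stay on the machines that created them.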

