make-ssl-cert(8) System Manager's Manual make-ssl-cert(8)NAME
make-ssl-cert - Debconf wrapper for openssl
SYNOPSIS
make-ssl-cert template output-certificate [--force-overwrite]
make-ssl-cert generate-default-snakeoil [--force-overwrite]
DESCRIPTION
make-ssl-cert is a simple debconf to openssl wrapper to create self-signed certificates. It requires a source template (Ex:
/usr/share/ssl-cert/ssleay.cnf) and it will place the new generated certificate in the specified output file.
Invoked with "generate-default-snakeoil", it will generate /etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key.
OPTIONS
A summary of options are included below.
--force-overwrite
Use this option ONLY when strictly required since it will overwrite the output certificate.
SEE ALSO openssl(1)AUTHOR
The program author is Thom May <thom@debian.org>, manual page was written for completness by Fabio M. Di Nitto <fabbione@fabbione.net>, for
the Debian GNU/Linux system (but may be used by others).
make-ssl-cert(8)
Check Out this Related Man Page
Net::Proxy::Connector::ssl(3pm) User Contributed Perl Documentation Net::Proxy::Connector::ssl(3pm)NAME
Net::Proxy::Connector::ssl - SSL Net::Proxy connector
DESCRIPTION
"Net::Proxy::Connecter::ssl" is a "Net::Proxy::Connector" that can manage SSL connections (thanks to "IO::Socket::SSL").
By default, this connector creates SSL sockets. You will need to subclass it to create "smarter" connectors than can upgrade their
connections to SSL.
In addition to the options listed below, this connector accepts all "SSL_..." options to "IO::Socket::SSL". They are transparently passed
through to the appropriate "IO::Socket::SSL" methods when needed.
CONNECTOR OPTIONS
The connector accept the following options:
"in"
o host
The listening address. If not given, the default is "localhost".
o port
The listening port.
o start_cleartext
If true, the connection will start in cleartext. It is possible to upgrade a socket to using SSL with the "upgrade_SSL()" method.
"out"
o host
The listening address. If not given, the default is "localhost".
o port
The listening port.
o start_cleartext
If true, the connection will start in cleartext. It is possible to upgrade a socket to using SSL with the "upgrade_SSL()" method.
METHODS
The "Net::Proxy::Connector::ssl" connector has an extra method:
upgrade_SSL( $sock )
This method will upgrade a cleartext socket to SSL. If the socket is already in SSL, it will "carp()".
CREATING A SELF-SIGNED CERTIFICATE
I tend to forget this information, and the openssl documentation doesn't make this any clearer, so here are the most basic commands needed
to create your own self-signed certificate (courtesy David Morel):
$ openssl genrsa -out key.pem 1024
$ openssl req -new -key key.pem -x509 -out cert.pem -days 365
A certificate is required is you want to run a SSL server or a proxy with a "Net::Proxy::Connector::ssl" as its "in" connector.
Once the key and certificate have been created, you can use them in your parameter list to "Net::Proxy->new()" (they are passed through to
"IO::Socket::SSL"):
Net::Proxy->new(
{
in => {
host => '0.0.0.0',
port => 443,
SSL_key_file => 'key.pem',
SSL_cert_file => 'cert.pem',
},
out => { type => 'tcp', port => '80' }
}
);
AUTHOR
Philippe 'BooK' Bruhat, "<book@cpan.org>".
COPYRIGHT
Copyright 2006 Philippe 'BooK' Bruhat, All Rights Reserved.
LICENSE
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
perl v5.10.1 2009-10-18 Net::Proxy::Connector::ssl(3pm)