Openssl x509 -req -in dns.req -out dns.crt -CA ca.crt -CAkey ca.key -CAcreateserial Openssl req -new -key dns.key -out dns.req Create a X.509 public key certificate in a X.509 Certificate Authority, for instance the homemade CA:.Openssl req -new -key ca.key -out ca.crt -x509 -extensions v3_ca You should use a real X.509 CA but for experiments you can create a CA certificate by:.Stunnel setup for the the out-of-band key-pinned privacy profile: Launch stunnel in daemon mode using the configuration file:. The DNS over TLS well-known port is 853 stunnel will accept any TLS connection on this port and forward content in TCP to 127.0.0.1 (localhost) on port 53(dns). The service_name should be dns according to documentation. This creates a self-signed certificate, enough for clients performing no authentication. Openssl req -new -key dns.key -out dns.crt -x509
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |