how to generate ssl cert for *.ouya.tv via mitmproxy
authorChristian Weiske <cweiske@cweiske.de>
Wed, 11 Sep 2013 20:06:23 +0000 (22:06 +0200)
committerChristian Weiske <cweiske@cweiske.de>
Wed, 11 Sep 2013 20:06:23 +0000 (22:06 +0200)
doc/.gitignore [new file with mode: 0644]
doc/README.rst [new file with mode: 0644]
doc/ouya.tv-cert-req.cnf [new file with mode: 0644]

diff --git a/doc/.gitignore b/doc/.gitignore
new file mode 100644 (file)
index 0000000..77e0dbc
--- /dev/null
@@ -0,0 +1 @@
+selfcert-ouya.tv.*
diff --git a/doc/README.rst b/doc/README.rst
new file mode 100644 (file)
index 0000000..951b7c2
--- /dev/null
@@ -0,0 +1,19 @@
+Generate web server SSL certificate
+===================================
+::
+
+  $ openssl req -new -x509 -nodes -config ouya.tv-cert-req.cnf -out selfcert-ouya.tv.pem -keyout selfcert-ouya.tv.key -days 730
+
+  $ openssl genrsa -out selfcert-ouya.tv.key 2048
+  $ openssl req -new -config ouya.tv-cert-req.cnf -key selfcert-ouya.tv.key -out selfcert-ouya.tv.csr
+  $ openssl x509 -req -in selfcert-ouya.tv.csr -CA ~/.mitmproxy/mitmproxy-ca.pem -CAkey ~/.mitmproxy/mitmproxy-ca.pem -CAcreateserial -out selfcert-ouya.tv.crt -days 730
+
+Verify CSR::
+
+  $ openssl req -text -noout -verify -in selfcert-ouya.tv.csr
+
+Verify certificate::
+
+  $ openssl x509 -in selfcert-ouya.tv.crt -text -noout
+
+Then install the certificate in your web server.
diff --git a/doc/ouya.tv-cert-req.cnf b/doc/ouya.tv-cert-req.cnf
new file mode 100644 (file)
index 0000000..1890971
--- /dev/null
@@ -0,0 +1,29 @@
+#make the signing process include the subjectAltName
+extensions = v3_req
+
+[req]
+default_bits = 2048
+encrypt_key = yes
+distinguished_name = req_dn
+req_extensions = v3_req
+prompt = no
+
+[req_dn]
+C=US
+ST=Massachusetts
+L=Anytown
+O=OUYA
+OU=custom OUYA store
+CN=*.ouya.tv
+emailAddress=ouya+dummy@example.org
+
+[v3_req]
+nsCertType = server
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = ouya.tv
+DNS.2 = *.ouya.tv
+DNS.3 = *.ouya.tv.bogo
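Review bot: The top-level `extensions = v3_req` line, which its comment says makes the signing step include the subjectAltName, is only read when this file is handed to `openssl x509` through `-extfile`. The `openssl x509 -req` command in doc/README.rst passes neither `-extfile` nor `-extensions`, and `req_extensions` only affects the CSR, so the CA-signed certificate will most likely come out without the `[alt_names]` entries. I would extend the comment to `# read by "openssl x509 -req -extfile ouya.tv-cert-req.cnf"; without -extfile the SAN is not copied from the CSR` and add that option to the README command. In `[req]`, `encrypt_key = yes` contradicts the `-nodes` call in the README, so either set it to `no` or drop `-nodes` to make clear whether the private key is meant to sit on disk unencrypted. `DNS.3 = *.ouya.tv.bogo` looks like a local test name and deserves a one-line comment or removal, and `[v3_req]` could state `extendedKeyUsage = serverAuth` rather than rely on the legacy `nsCertType`.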