Creating certificates for SSL

Since DC++ 0.68 have SSL, I thought I’d check out how to actually create those certificates. As the link mentioned in the above thread only deal with *nix, I was not inclined to get *nix just because I wanted to try this out. (I like Windows XP, despite what the *nix zealots say).

So I turned to Google and searched for “create certificates” and at the sixth or seventh result, I saw ‘Creating certificates under Windows‘. Excellent. Exactly what I wanted. And the first line (well, a couple down, but the first in the tutorial…) said “The easy way to create certificates under Windows is to use ssft’s built-in capabilities. This require the openssl.exe program to be in the same directory as ssft.exe or in the PATH.”
‘ssft.exe’? ‘openssl.exe’? Google, hello again. A swift search for “Secure Socket File Transfer” pointed to their Sourceforge entry. I downloaded the file presented and fired up the setup-file. (Now, I might mention that I chose to include a ‘demo-certificate’, so I had to remove the ‘certs’ directory created by the installer for this to work well. If you don’t include the ‘demo-certificate’, I think you don’t have to.)

After installation, I continued with the guide. And just a disclaimer: I don’t know if you have to do a, b and c. I just did all of them. I have not tested the SSL in DC++ either, so please don’t yell too hard at me if it doesn’t work well. Write a guide yourself if you don’t feel its adequate.

I went (through cmd – write ‘cmd’ in Run) to the directory where SSFT was installed, and did the following (I’m just re-iterating what the guide say):
Write a password when you’re promted. I used the same throughout everything (so it wouldn’t spit it back at me). (‘certs’ mean the directory ‘certs’ by the way…)

Step a) Write: ssft –cert-dir certs –generate-ca

Step b) Write: ssft –cert-dir certs –new-server-cert
Fill in here: Country Name, State or Province Name, Locality Name (eg, city), Organization Name (eg, company) and Common Name.
If you don’t, SSFT will probably complain (it did for me).

Step c) Write: ssft –cert-dir certs –new-client-cert
Fill in here: Country Name, State or Province Name, Locality Name (eg, city), Organization Name (eg, company), Common Name and Email Address.
If you don’t, SSFT will probably complain (it did for me).

Done all that? Yay! You’ve created the certificates now!
In DC++, add the ssft_client.key to the Private key path.
Add ssft_root.cert to the Own certificate path.
And add the newcerts\ directory to the trusted certificates path.

I’ll fiddle some more and see if I can create a point-by-point guide to do everything else merely other than ‘generate a certificate, add it to the hub…’.

2 Responses to Creating certificates for SSL

  1. Pingback: CTM tokens in ADC (or why the NMDC protocol is terrible, part 2) « DC++: Just These Guys, Ya Know?

  2. Pingback: TLS disabled, failed to generate certificate « DC++: Just These Guys, Ya Know?

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: