SOCAT SSL

Power of socat still astonishes me.
I needed a shell to traverse an ssl proxy and socat site shows example of socat and openssl http://www.dest-unreach.org/socat/doc/socat-openssl.txt

Commands used are listed here in case page disappears.

Hosts: a server and a client

1) Generate self signed server certificate
// generate a private key;
$ openssl genrsa -out server.key 1024
// generate a self signed cert:
$ openssl req -new -key server.key -x509 -days 3653 -out server.crt
// enter fields… (may all be empty when cert is only used privately)
// generate the pem file:
$ cat server.key server.crt >server.pem
// secure permissions:
$ chmod 600 server.key server.pem
// copy server.pem to the server host using a secure channel (floppy, scp…)
// and keep tight permissions
// remove all other instances of server.key and server.pem
// copy server.crt to the client host

2) Generate self signed client certificate
// like server certificate, but use names client.*
// copy client.pem to the client host using a secure channel (floppy, scp…)
// and keep tight permissions
// remove all other instances of client.key and client.pem
// copy client.crt to the server host

3) Start socat based SSL server
// on server host:
$ socat ssl-l:1443,reuseaddr,fork,cert=server.pem,cafile=client.crt,verify=1 exec:’uptime’

4) Invoke socat based SSL client
// on client host:
$ socat – ssl:server-host:1443,cert=client.pem,cafile=server.crt

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s