Deyan Yanchev wrote
I used OpenSSL to create a self-signed certificate with the following command:
    openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=localhost'
Then I executed the following code in a Workspace:
    certificate := Security.X509.Certificate fromFile: 'cert.pem'.
    certificates := (Xtreams.TLSCertificateStore newWithDefaults)
        certificate: (Array with: certificate) key: myPrivateKey;
        yourself.
This simple piece of code raised the exception 'This certificate is not suitable for any supported key exchange!' in Xtreams.TLSCertificateStore>>certificate:key:
There are two options:
1. Create a certificate with the required extensions for keyUsage using OpenSSL
See https://www.openssl.org/docs/apps/x509v3_config.html
Example: create a config file (e.g. ssl.config) with something like this:
    [ req ]
    x509_extensions = cert_extensions
    ....
    [ cert_extensions ]
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid:always,issuer:always
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, keyAgreement, keyCertSign
    ...
and pass it to openssl
    openssl req -config ssl.config .....
2. Create a temporary certificate with VisualWorks on the fly
    key := PrivateKey algorithm: 'RSA' size: 2048.
    name := Security.X509.Name new CN: SocketAccessor getHostname;
        yourself.
    certificate := Security.X509.Certificate new
        serialNumber: Time microsecondClock;
        issuer: name;
        subject: name;
        notBefore: Date today;
        notAfter: Timestamp now + 1 year;
        publicKey: key asX509Key asPublicKey;
        forKeyExchange;
        yourself.
    certificate signUsing: key hash: 'SHA256' padding: 'PKCS1'.
    certificateStore := TLSCertificateStore newWithDefaults.
    certificateStore known: certificate.
    certificateStore certificate: (Array with: certificate) key: key.
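Added example, not part of the original posts: option 1 carried through end to end as a shell script that writes a complete ssl.config, issues the self-signed certificate, and reads the keyUsage extension back out of the result before it is loaded anywhere. The extension values are the ones from the reply; the req_dn section name, the prompt setting, the file locations and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: issue a self-signed certificate carrying the keyUsage
# extension from option 1, then verify the extension is present.
# CN, file names and the req_dn section name are constructed sample values.

# Write ssl.config into directory $1 and create key.pem / cert.pem there.
make_cert() {
    dir=$1
    cat > "$dir/ssl.config" <<'EOF'
[ req ]
distinguished_name = req_dn
x509_extensions    = cert_extensions
prompt             = no

[ req_dn ]
CN = localhost

[ cert_extensions ]
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, keyAgreement, keyCertSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$dir/ssl.config" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem"
}

# Print the usages listed in the certificate's keyUsage extension.
# Returns non-zero when the certificate has no keyUsage extension at all.
key_usage() {
    usage=$(openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Key Usage' | tail -n 1 | sed 's/^ *//')
    [ -n "$usage" ] && printf '%s\n' "$usage"
}

# Succeed only if certificate $1 lists usage $2, spelled the way
# "openssl x509 -text" prints it (e.g. "Key Encipherment").
has_usage() {
    key_usage "$1" | grep -q "$2"
}

# Typical use:
#   make_cert . && key_usage cert.pem
#   has_usage cert.pem "Key Encipherment" || echo "no RSA key transport"
```

Per RFC 5246 section 7.4.2, a certificate with a keyUsage extension needs keyEncipherment for RSA key exchange and digitalSignature for DHE_RSA/ECDHE_RSA, so those are the two usages worth checking with has_usage when a TLS stack rejects a certificate.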