Commit

Merge branch 'dev'
Scott Petersen committed May 2, 2014
2 parents a35c0ed + 1b57ac7 commit 60ca382
Showing 7 changed files with 199 additions and 76 deletions.
6 changes: 3 additions & 3 deletions INSTALL
@@ -1,9 +1,9 @@
1. ./configure
2. make
3. sudo cp ser2sock /usr/local/bin/
4. sudo mkdir -p /etc/ser2sock
5. sudo cp ser2sock.conf.example /etc/ser2sock/ser2sock.conf
6. Make changes to /etc/ser2sock/ser2sock.conf as needed.
4. sudo cp -R etc/ser2sock /etc/
5. Make changes to /etc/ser2sock/ser2sock.conf as needed.
6. If using SSL generate certificates
7. sudo cp init/ser2sock /etc/init.d/
8. sudo update-rc.d ser2sock defaults
9. sudo /etc/init.d/ser2sock start
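Review bot: Step 4 (`sudo cp -R etc/ser2sock /etc/`) copies the whole tree, so running it against an existing install overwrites the edited `/etc/ser2sock/ser2sock.conf` and replaces `certs/certindex` and `certs/crlnumber` with the empty and `01` versions added in this commit, which resets the CA's revocation state. Suggest marking the step as fresh-install only (or using `cp -Rn`), and adding a step that restricts permissions on `/etc/ser2sock/certs`, since `ca.conf` places `privkey.pem` in that directory.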
24 changes: 19 additions & 5 deletions README.md
Expand Up @@ -7,13 +7,14 @@ network. It also supports encryption and authentication via OpenSSL.

Installation
============
NOTE: The OpenSSL dev package is needed in order to compile with SSL support.

1. ./configure
2. make
3. sudo cp ser2sock /usr/local/bin/
4. sudo mkdir -p /etc/ser2sock
5. sudo cp ser2sock.conf.example /etc/ser2sock/ser2sock.conf
6. vi /etc/ser2sock/ser2sock.conf
4. sudo cp -R etc/ser2sock /etc/
5. Make changes to /etc/ser2sock/ser2sock.conf as needed.
6. If using SSL generate certificates
7. sudo cp init/ser2sock /etc/init.d/
8. sudo update-rc.d ser2sock defaults
9. sudo /etc/init.d/ser2sock start
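Review bot: Step 6 (`If using SSL generate certificates`) gives no pointer to how or where. Link it to the "Generating the Certificates" section further down and state that the resulting files need to end up in `/etc/ser2sock/certs/`, which is where the updated `ser2sock.conf` paths in this commit expect them.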
Expand Down Expand Up @@ -53,7 +54,7 @@ There are three pieces you need to make this work.
signed by the CA.

Generating the Certificates
-------------------------
---------------------------

Create the CA certificate and key:
```openssl req -out ca.pem -new -x509```
Expand Down Expand Up @@ -83,7 +84,20 @@ Now all you have to do is enable encryption in the configuration, update your
certificate paths, and restart the service.

Testing the SSL Certificates
---------------------------
----------------------------
After the certificates have been generated and ser2sock restarted you can
verify that the certificates work with OpenSSL:
```openssl s_client -connect 127.0.0.1:10000 -cert client.pem -key client.key -CAfile ca.pem```

Certificate Revocation
----------------------
Certificates may be revoked using OpenSSL's CA facility.

Revoke the certificate:
```openssl ca -config ca.conf -revoke certs/badclient.pem -keyfile certs/privkey.pem -cert certs/ca.pem```

Regenerate the CRL:
```openssl ca -config ca.conf -gencrl -keyfile certs/privkey.pem -cert certs/ca.pem -out ser2sock.crl```

Restart ser2sock:
```killall -HUP ser2sock```
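Review bot: The commands under "Certificate Revocation" use relative paths (`certs/badclient.pem`, `certs/privkey.pem`, `-out ser2sock.crl`) and `ca.conf` sets `dir = ./certs`, but the section never says which directory to run them from. They only line up with `ssl_crl = /etc/ser2sock/ser2sock.crl` when run from `/etc/ser2sock`, so add a `cd /etc/ser2sock` step or use absolute paths. The "Restart ser2sock" step sends SIGHUP rather than restarting the service; label it as a reload and state in the text whether that signal is what picks up the regenerated CRL.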
45 changes: 45 additions & 0 deletions etc/ser2sock/ca.conf
@@ -0,0 +1,45 @@
# Mainly copied from:
# https://swearingscience.com/2009/01/18/openssl-self-signed-ca/

[ ca ]
default_ca = ser2sock

[ crl_ext ]
# issuerAltName=issuer:copy #this would copy the issuer name to altname
authorityKeyIdentifier=keyid:always

[ ser2sock ]
dir = ./certs
new_certs_dir = $dir
unique_subject = no
certificate = $dir/ca.pem
database = $dir/certindex
private_key = $dir/privkey.pem
serial = $dir/ca.srl
default_days = 730
default_md = sha1
policy = ser2sock_policy
x509_extensions = ser2sock_extensions
crlnumber = $dir/crlnumber
default_crl_days = 730

[ ser2sock_policy ]
commonName = supplied
stateOrProvinceName = supplied
countryName = optional
emailAddress = optional
organizationName = supplied
organizationalUnitName = optional

[ ser2sock_extensions ]
basicConstraints = CA:false
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
#crlDistributionPoints = URI:https://example.com/root.crl
#subjectAltName = @alt_names

#[alt_names]
#DNS.1 = example.com
#DNS.2 = *.example.com
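Review bot: `default_md = sha1` in the `[ ser2sock ]` section signs every issued certificate and CRL with SHA-1; a new CA config should use `sha256`. Two further points in the same file: `default_crl_days = 730` gives each CRL a two-year validity window, so an old CRL that is never replaced keeps being treated as current long after a revocation, and `extendedKeyUsage = serverAuth` in `[ ser2sock_extensions ]` would also be stamped on client certificates issued with this config, while the README test connects with `-cert client.pem`. Consider adding `clientAuth` or a separate extension section for client certificates.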
Empty file added etc/ser2sock/certs/certindex
Empty file.
1 change: 1 addition & 0 deletions etc/ser2sock/certs/crlnumber
@@ -0,0 +1 @@
01
12 changes: 9 additions & 3 deletions ser2sock.conf.example → etc/ser2sock/ser2sock.conf
Expand Up @@ -18,20 +18,26 @@ port = 10000
#encrypted = 1

# CA certificate for this install
#ca_certificate = /etc/ser2sock/ca.pem
#ca_certificate = /etc/ser2sock/certs/ca.pem

# SSL certificate
#ssl_certificate = /etc/ser2sock/server.pem
#ssl_certificate = /etc/ser2sock/certs/server.pem

# SSL key
#ssl_key = /etc/ser2sock/server.key
#ssl_key = /etc/ser2sock/certs/server.key

# SSL CRL location
#ssl_crl = /etc/ser2sock/ser2sock.crl

# Allow binding only to a specific interface. Default: 0.0.0.0
#bind_ip = 127.0.0.1

# Send terminal init string. Default: 0
#send_terminal_init = 0

# Raw communications mode disables all sending of !SER2SOCK messages. Default: 0
raw_device_mode = 0

# Keep incoming connections open when the serial device is disconnected? Default: 0
#preserve_connections = 0
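Review bot: The `# SSL CRL location` comment above `#ssl_crl = /etc/ser2sock/ser2sock.crl` does not say whether the option is required when `encrypted = 1`, or what happens when the file is missing or has expired; document the behaviour, because an operator who leaves it commented out gets no revocation checking without any indication. Style point: `raw_device_mode = 0` is the only option in this block that is left uncommented even though it is described as the default; comment it out like the neighbouring options for consistency.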
