TLS Support
Support for TLS is implemented with rustls
and its async
derivatives async-rustls
and tokio-rustls
.
An example using a self-signed certificate can be found in the GitHub repo.
More detailed documentations are underway.
How to generate self-signed CA and certs (an example)
- Create Root signing key:
openssl genrsa -out ca.key 4096
- Generate self-signed Root certificate:
openssl req -new -x509 -key ca.key -sha256 -subj "/C=CA/ST=BC/L=Vancouver/O=Example, Inc." -days 365 -out ca.cert
- Create a key for server:
openssl genrsa -out service.key 4096
- Create a signing request (CSR):
openssl req -new -key service.key -out service.csr -config certificate.conf
(see section below for details ofcertificate.conf
) - Generate a certificate for the server:
openssl x509 -req -in service.csr -CA ca.cert -CAkey ca.key -CAcreateserial -out service.pem -days 365 -sha256 -extfile certificate.conf -extensions req_ext
certificate.conf
[req]
default_bits = 4096
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[dn]
C = CA
ST = BC
L = Vancouver
O = Example, Inc.
CN = localhost
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
IP.1 = ::1
IP.2 = 127.0.0.1