Tuesday, June 3, 2014

Generating an Elliptic Curve (EC) Key Pair

Just finished a post over at the Splunk blog regarding using EC (Elliptic Curve) certs within Splunk. Although the explanation was geared towards someone deploying the keys in a Splunk deployment, the key pair could be used in any situation (proxy, web server, etc.).

Here is the TL;DR summary of the post:

Generate a new Elliptic Curve CA key and cert:
openssl ecparam -out ca-key.pem -genkey -name prime256v1
openssl req -x509 -new -key ca-key.pem -out ca-cert.pem

Generate the server's private key and CSR:
openssl ecparam -out server-key.pem -genkey -name prime256v1
openssl req -new -key server-key.pem -out server-csr.pem

Generate Public Certificates:
openssl x509 -req -days 365 -in server-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem


If you want to test your keys, start a web server with the following openssl command:
openssl s_server -www -key server-key.pem -cert server-cert.pem -CAfile ca-cert.pem -state

Then, try to connect to
openssl s_client -connect
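
The steps above as one non-interactive script, followed by offline checks of the result (chain verification, key/certificate match, curve name). This is an added example, not part of the original post; the -subj names, the temporary directory and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: runs the post's commands without prompts, then checks the output.
# Subject names below are constructed placeholders.

make_ec_pki() {
    dir=$1
    # CA key and self-signed CA cert; -subj skips the interactive prompts
    openssl ecparam -out "$dir/ca-key.pem" -genkey -name prime256v1 &&
    openssl req -x509 -new -key "$dir/ca-key.pem" -out "$dir/ca-cert.pem" \
        -subj "/CN=Example Test CA" &&
    # Server key and CSR
    openssl ecparam -out "$dir/server-key.pem" -genkey -name prime256v1 &&
    openssl req -new -key "$dir/server-key.pem" -out "$dir/server-csr.pem" \
        -subj "/CN=server.example.test" &&
    # CA signs the CSR
    openssl x509 -req -days 365 -in "$dir/server-csr.pem" \
        -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" -set_serial 01 \
        -out "$dir/server-cert.pem" &&
    # Private keys should be readable by their owner only
    chmod 600 "$dir/ca-key.pem" "$dir/server-key.pem"
}

# Returns 0 if all checks pass; 1 = chain, 2 = key mismatch, 3 = wrong curve
check_ec_pki() {
    dir=$1
    # 1. The server cert must verify against the CA cert
    openssl verify -CAfile "$dir/ca-cert.pem" "$dir/server-cert.pem" \
        >/dev/null 2>&1 || return 1
    # 2. The public key in the cert must be the one derived from the private key
    [ "$(openssl pkey -in "$dir/server-key.pem" -pubout)" = \
      "$(openssl x509 -in "$dir/server-cert.pem" -noout -pubkey)" ] || return 2
    # 3. The certified key must be on the curve that was requested
    openssl x509 -in "$dir/server-cert.pem" -noout -text |
        grep -q 'ASN1 OID: prime256v1' || return 3
}

# Generate into a scratch directory and report the result
work=$(mktemp -d) && make_ec_pki "$work" && check_ec_pki "$work" &&
    echo "EC CA and server certificate verified in $work"
```

Because the `openssl req -x509` command has no `-days` option, the CA certificate gets openssl's default 30-day validity, while the server certificate is issued for 365 days.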