Stunnel.org  
   

This guide is meant to be a complete Newbie instruction
for installing openSSL and your own CA. Currently this
guide is written only for Windows users. I'm not sure of
the extent of this, but I wrote it using Windows XP
with Visual Studio .NET, so I'm assuming it will work
on most Windows OS with Visual C installed. Further
versions of this guide will cover other Operating
Systems and compilers (Borland, etc).

It is not necessary to install OpenSSL, so if you are
not interested in this please skip to the CA section further below.

---------------------------------------------------
***************************************************
Install OpenSSL
***************************************************
---------------------------------------------------

An alternative method for Win32, which involves a simple
download and install, can be found here:
http://www.shininglightpro.com/search.php?searchname=Win32+OpenSSL
I have not used this method though.

-
Download the latest version of openSSL from
http://www.openssl.org/source/

For me it was openssl-0.9.7b.tar.gz.
Extract the contents to a folder.

Now download the latest version of ActivePerl from
http://www.activestate.com/Products/ActivePerl/
For me it was ActivePerl-5.8.0.806-MSWin32-x86.msi
Follow the directions to install.

-
We need to setup the VC environment correctly. To
do this we need to execute a file called VCVARS32.BAT
which is found in the 'bin' subdirectory of the VC++
installation directory (somewhere under 'Program Files').

Open the command prompt by clicking Start, Run, and then
typing cmd. From here navigate your way to the bin
subdirectory as mentioned above. For me it was:

> cd C:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\bin

Once in that directory simply type:

> vcvars32.bat

If that doesn't work, try vsvars32.bat.

From here navigate your way to the folder that you
extracted openssl to. Once in here type:

> perl Configure VC-WIN32
> ms\do_masm

Using Windows, open the VC bin folder. From here copy the following files:
cl.exe, c1.dll, c2.dll, c1xx.dll, cl.exe.config, nmake.exe
Now place them in your openssl directory.

Back to the command prompt. Change directory to openssl and type:
> nmake -f ms\ntdll.mak

Hopefully everything went well. If so you should now have
some .dll files within a new folder called out32dll
within your openssl directory.

Final Steps:

Copy 2 files from your out32dll folder to your system
directory. Do this with either the command prompt or
using windows explorer.

Now back in the command prompt (or with windows) we
create some new directories and folders and populate
them:

> md c:\openssl
> md c:\openssl\bin
> md c:\openssl\lib
> md c:\openssl\include
> md c:\openssl\include\openssl
> copy /b inc32\openssl\*  c:\openssl\include\openssl
> copy /b out32dll\ssleay32.lib c:\openssl\lib
> copy /b out32dll\libeay32.lib c:\openssl\lib
> copy /b out32dll\ssleay32.dll c:\openssl\bin
> copy /b out32dll\libeay32.dll c:\openssl\bin
> copy /b out32dll\openssl.exe  c:\openssl\bin

Of course you need to be copying from the correct path of
where your out32dll is located, so it is wise to be in
this directory first.

Now I think openSSL is officially installed. Where you go
from here, I don't know...:(

 
 
--------------------------------------------------------------
***************************************************************
CREATE YOUR OWN CA
**************************************************************
--------------------------------------------------------------

- SETTING UP

Firstly you will need three files: CA.pl, openssl.cnf,
and openssl.exe. The location of these will depend on
whether you have installed openssl or not.

Did install openssl:-

If you have installed openssl as mentioned above, the
ca.pl and openssl.cnf files will be located in your
openssl/apps/  directory. The openssl.exe will be located
in your openssl/out32dll directory.

I tried to use my original openssl.exe file for the
creation of my certificate but it wouldn't work, so I
downloaded an older version off the Internet at
http://www.stunnel.org/download/stunnel/win32/openssl-0.9.6j/
which then worked.

Did NOT install openssl: -

If you didn't install openssl then please download the tar
file from http://www.openssl.org/source/. Within the apps
directory is CA.pl and openssl.cnf. The .exe file can be
found and downloaded off the Internet. Just use a simple
search; I found a copy at
http://www.stunnel.org/download/stunnel/win32/

You will also need to download the latest version of
ActivePerl from http://www.activestate.com/Products/ActivePerl/

For me it was ActivePerl-5.8.0.806-MSWin32-x86.msi
Follow the directions to install.

Note: I have not tried creating a CA without openssl
installed, but I am told it works.

-

Once you have your files put them in a new directory, I
created C:\demo and put them in there.

Extract the following 2 files from the perl zip file
and place them in the same
directory as the openssl files:

  PERL56.DLL
    The perl dynamic link library needed for PERL.EXE

  PERL.EXE
    The executable file needed to run the perl script to create the CA.

Set the location of openssl.cnf as an environment variable.
We do this by entering the following at the command prompt:

> cd c:\demo
> set OPENSSL_CONF=c:\demo\openssl.cnf

- Make a CA

I found the easiest and most effective way to do this as
below, but the bad thing is I don't really know what's
going on. Anyway, here are the steps:

Go into the command prompt. Move to your demo directory. Type:

> openssl req -config openssl.cnf -new -out my-server.csr
> openssl rsa -in privkey.pem -out my-server.key
> openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 365
> openssl x509 -in my-server.cert -out my-server.der.crt -outform DER


You should now have a certificate and a key in your folder. The
same result should be received from using:

> ca.pl -newca
> ca.pl -newreq
> ca.pl -sign
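
What the four openssl commands above actually produce, shown as an added example that is not part of the original guide: a POSIX shell script that replays them without prompts and then checks the output. The checks show that the certificate is self-signed (its own key signs it, no CA is involved), that step 2 leaves my-server.key without passphrase protection, and that the .der.crt file is the same certificate in another encoding. The subject name, passphrase and key size are constructed values; the openssl arguments are the same at a Windows command prompt.

```shell
#!/bin/sh
# Added example (not from the original guide). Constructed values: the
# subject name, the passphrase and the 2048-bit key size.

# Replay the guide's four commands without prompts, inside directory $1.
make_cert() (
    cd "$1" || exit 1
    # 1. New RSA key, stored passphrase-encrypted in privkey.pem, plus a CSR.
    openssl req -new -newkey rsa:2048 -subj "/CN=my-server.example" \
        -passout pass:demo-only -keyout privkey.pem -out my-server.csr 2>/dev/null || exit 1
    # 2. Write the same key again WITHOUT passphrase protection.
    openssl rsa -in privkey.pem -passin pass:demo-only -out my-server.key 2>/dev/null || exit 1
    # 3. Sign the CSR with its own key: a self-signed certificate, no CA involved.
    openssl x509 -req -in my-server.csr -signkey my-server.key -days 365 \
        -out my-server.cert 2>/dev/null || exit 1
    # 4. Same certificate, re-encoded from PEM to DER.
    openssl x509 -in my-server.cert -out my-server.der.crt -outform DER
)

# True when issuer and subject are identical, i.e. the certificate is self-signed.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# True when the certificate ($2) carries the public half of the private key ($1).
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the key file exists and carries no passphrase protection.
key_is_unencrypted() {
    [ -f "$1" ] && ! grep -q ENCRYPTED "$1"
}

# True when the PEM file ($1) and the DER file ($2) hold the same certificate.
same_cert() {
    pem_fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256)
    der_fp=$(openssl x509 -in "$2" -inform DER -noout -fingerprint -sha256)
    [ -n "$pem_fp" ] && [ "$pem_fp" = "$der_fp" ]
}

# Demo run in a throw-away directory.
work=$(mktemp -d) && make_cert "$work" && is_self_signed "$work/my-server.cert" \
    && echo "self-signed certificate written to $work"
```

Because my-server.key is stored unencrypted after step 2, restrict who can read that file.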

Sorry this last section (the main focus of the guide!!)
has been rushed but I didn't realise it would take so long
to write this guide. It will be updated with much more
information in the future. For now though, here are some
excellent sites that I got a lot of information from and
they will help you get a greater understanding:

- http://www.post1.com/home/ngps/m2/howto.ca.html
- http://hp.vector.co.jp/authors/VA027031/orenosp/certmemo_en.txt
- http://www.galatea.com/flashguides/apache-ssl-win32.xml


--------------------------------------------------------------
**************************************************************
INSTALL YOUR CA IN YOUR SERVER
**************************************************************
-------------------------------------------------------------
...coming soon....

