|
|
Boost Users : |
Subject: Re: [Boost-users] Generate SSL certificate, chain file, dh and key for boost::asio::ssl::context
From: Maarten de Vries (maarten_at_[hidden])
Date: 2017-02-25 13:45:57
Hey,
On 25 February 2017 at 12:37, jupiter via Boost-users <
boost-users_at_[hidden]> wrote:
> I think I can use openssl to generate those self signed files, correct? I
> saw some programs use 4 use_certificate_chain_file, use_certificate_file,
> use_private_key_file and use_tmp_dh_file in both server and client sites,
> but I also saw some test program only use one ca.pem in client site and 3
> use_certificate_chain_file, use_private_key_file and use_tmp_dh_file in
> server site, which is correct or better? Any guideline?
>
>
Yes, you can use openssl to generate self signed certificates​. If you need
to, you can also easily get widely trusted certificates for free from
letsencrypt.
As for using server certificates and/or client certificates: it really
depends on the application. With TLS, both endpoints of the connection
*can* identify themselves with a certificate. In general it makes sense to
use a certificate to have the client verify the identity of the server. If
the server should only accept connections from trusted users/devices, you
could use client certificates too. On the other hand, if the server accepts
anonymous connections, there is nothing to be gained from verifying the
client certificates so you're better off not asking for them in the first
place.
-- Maarten
Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net