This guide outlines the steps to generate a self-signed SSL certificate and key for a server, compile and execute the server code, and set up the client to communicate securely with the server. It also includes some basic security measures.
Run the following script to generate a self-signed SSL certificate and private key for the server:
bash server.shDuring the generation of the private key, you will be prompted to provide a PEM passphrase. Set it to 123456 unless you want to provide the password each time a new connection is set up.
On successful gneration of server private key and certificate, compile and execute server.c by linking the associated libraries
gcc -o server server.c -lssl -lcrypto -lpthread
sudo ./serverMod 1: To prevent accidental sharing of the server.key file with the client, delete the file after the SSL context is set up. This is a simple but effective way to ensure the key isn't shared accidentally. Mod 2: For additional security, run the server in a chroot environment. This restricts the server's visibility to the rest of the filesystem. To set up the chroot environment:
bash chroot.shOn the client's machine, run the following script to generate the private key and certificate:
bash client.shAfter generating the client's private key and certificate, compile the client.c file:
gcc -o client client.c -lssl -lcrypto
./clientOnce the connection is successfully established, the client can request any file from the server. If the file resides in a directory other than where server.c is located, please provide the absolute path.
This guide provides a basic setup for a secure server-client communication using SSL. The security measures mentioned, like deleting the server.key and running the server in a chroot environment, are essential for protecting sensitive information.