Experimental SSL support

2019-01-22 23:31:36 -08:00
parent 90775ebbba
commit 0cb907e2ad
18 changed files with 370 additions and 47 deletions
--- a/README.md
+++ b/README.md
@@ -15,3 +15,28 @@ If you get dyld errors running from the command line, use `install_name_tool` to

 ## Running
 You need to hook imagent first to bypass entitlements check. Look at `hookAgent.sh`
+
+
+## SSL
+If you want to run with SSL, you have to generate a self-signed certificate, and have the Mac trust the root cert.
+
+### Generate a root cert
+1. Generate root key
+    `openssl genrsa -out Kordophone-root.key 4096`
+2. Generate root certificate
+    `openssl req -x509 -new -nodes -key Kordophone-root.key -sha256 -days 1024 -out Kordophone-root.crt`
+
+### Create signing certificate by signing a new cert with the root cert
+1. Generate signing key
+    `openssl genrsa -out kp.localhost.key 2048`
+2. Create certificate signing request
+    `openssl req -new -key kp.localhost.key -out kp.localhost.csr`
+3. Sign the cert with the root cert
+    `openssl x509 -req -in kp.localhost.csr -CA Kordophone-root.crt -CAkey Kordophone-root.key -CAcreateserial -out kp.localhost.crt -days 365 -sha256`
+4. kordophoned works with a signing cert in PKCS12 format. Convert the cert and the privkey to PKCS12
+    `openssl pkcs12 -export -in kp.localhost.crt -inkey kp.localhost.key -out certificate.p12 -name "Kordophone"`
+
+### Start kordophone with the SSL options and provide the p12
+`kordophoned -s -c certificate.p12`
+
+