- It does SSL (the S[secure] part of HTTPS and some other protocols)
- Can do (almost) everything you need with X.509v3 'certificates'
- Is a general purpose crypto library
- Has a suite of testing utilities for debugging SSL connections
- one ships with cygwin, which is just convenient if you use cygwin.
- one is available as a windows installer at [2], very convenient if you want a simple separate installer for openssl.
- the GnuWin32 [3] version at [4]. This is a either an installer or a zip file. The zip file makes it simple to distribute it in your .kit files. Just extract to a temp dir and it runs.
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.
I know cygwin has a version of openssl, which works enough to make good high level encryption certificates, and there is an ssh for instance, too, maybe even a secure X server for the Xfree86 Xwindows emulation on windows, though I don't remember having made that work. It can simply be downloaded and installed with the package, except it is not so easy to find ones way through all stuff by simply following a document. The man pages are there, though, it has genkey and such comands. I think there is a library, too.
TV (Mar 9 2004) For what it is worth, this is the outline script I followed for the certificates on the tclhttpd server I let run [5] , which uses the secure socket extension, and starts up easily once you feed it the right certs:
openssl genrsa -out skey.pem openssl req -new -nodes -out ./server.pem -key ./skey.pem openssl genrsa -out key1.pem openssl req -x509 -nodes -out ca.pem -key key1.pem -new openssl genrsa -out key2.pem openssl req -x509 -nodes -out s.pem -key key2.pem -new openssl ca -keyfile key1.pem -cert ca.pem -in s.pemThe subject came up on the chat, I didn't see anything like it. I run it on a recent cygwin having openssl.
JQ OpenSSL windows binaries are located at: http://www.nesbitt.ca/downloads.html
JGR: The nesbitt.ca page [6] contains the following text (at least it did on Dec 2, 2004):
News: Due to a vaguely threatening email from the author of another Windows OpenSSL distribution, we are currently unable to provide binaries. Sorry for the inconvenience--we hope to have the download available again soon. Failing that, we will provide a link to a suitable Windows alternative.
category security