SSL hints and using SSL announce with rtorrent

Create private key & csr for usage on server:
openssl req -config req.conf -newkey rsa:4096 -keyout -sha512 -out

If you add the -nodes switch, no password will be used.
.csr File is the signing request, pem file is the key.

Using ssl announce for rtorrent:
1)Add the certificate

openssl s_client -connect </dev/null 2>/dev/null | sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' >> /etc/ssl/certs/ca-certificates.crt

2)Refresh the certificates



curl -I --capath /etc/ssl/certs

You may need the option:
in your .rtorrent.rc config file!

Different hints:
All certificates of a site can be shown with:
openssl s_client -connect -showcerts

Instead of c_rehash, one certificate can be hashed with:
ln -s certificate.pem `openssl x509 -hash -noout -in certificate.pem`.0

To determine, if a certificate will be accepted, use openssl verify:
openssl verify -CApath /etc/ssl/certs -verbose certificate.pem

When openssl is compiled from source, no root certificates are included!
You can get root certificates here:

These have to be placed in f.e. /etc/ssl/certs/ca-certs.crt (or .pem - i think the extension is the same) and may have to be hashed...
That way officially signed sites will work.

Usually a signed site uses a chain of certificates, so all sites above the site certificate in the chain have to be obtained and hashed. The s_client -showcerts option of openssl is helpful to display each certificate of the chain.

Self signed certificates have to be added and hashed also, if you want them to be accepted.

Create self signed certificate:

openssl req -new -x509 -keyout newone.key -out newone.pem -days 365 -nodes