# Before running the OpenSSL commands, change /etc/hosts to point to
# 'example.com' and 'www.example.com' to 127.0.0.1

# Server
openssl s_server -accept 8443 -www -certform PEM -cert server-rsa-cert.pem -keyform PEM -key server-rsa-key-plain.pem -tls1

# If you try to connect with wget, then it will reject s_server's small DH group. Disable DH:
$ openssl s_server -accept 8443 -www -certform PEM -cert server-rsa-cert.pem -keyform PEM -key server-rsa-key-plain.pem -tls1 -cipher kRSA:HIGH:-EDH

# Client
openssl s_client -connect www.example.com:8443 -CAfile ca-rsa-cert.pem

# Print CA cert
openssl x509 -inform PEM -in ca-rsa-cert.pem -text -noout

# Print server cert
openssl x509 -inform PEM -in server-rsa-cert.pem -text -noout



