[Libwebsockets] how to generate ssl cert with openssl for use with libwebsocket

Andy Green andy at warmcat.com
Mon May 23 08:37:32 CEST 2016

On May 23, 2016 2:11:39 PM GMT+08:00, kang joni <kangjoni76 at gmail.com> wrote:
>I want standard rsa aes gcm SSL cert for use with libwebsocket, I'm
>not sure how to do this. My openssl version is openssl_1_0_2g

Lws just takes whatever cert you give it, and passes it to openssl along with an optional string telling openssl which ciphers, hashes and key exchange mechanisms should be allowed in info.ssl_cipher_list.  If you're not fussed (or not allowed to use strong crypto with PFS in your country...) you can allow everything, including weak things, by setting it to "ALL".

You can see an example for generating selfsigned certs in CMakeLists.txt


What the cert actually uses when it's created is purely an openssl thing.  The interpretation of the cert itself is purely an openssl thing.  Unless some issue turns up about lws integration, for generating the cert how you want you will get better help asking on the openssl list



>Libwebsockets mailing list
>Libwebsockets at ml.libwebsockets.org

More information about the Libwebsockets mailing list