<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:DengXian;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        text-align:justify;
        text-justify:inter-ideograph;
        font-size:10.5pt;
        font-family:DengXian;}
h1
        {mso-style-priority:9;
        mso-style-link:"\6807\9898 1 \5B57\7B26";
        margin-top:17.0pt;
        margin-right:0cm;
        margin-bottom:16.5pt;
        margin-left:0cm;
        text-align:justify;
        text-justify:inter-ideograph;
        line-height:240%;
        page-break-after:avoid;
        font-size:22.0pt;
        font-family:DengXian;
        font-weight:bold;}
p.MsoSubtitle, li.MsoSubtitle, div.MsoSubtitle
        {mso-style-priority:11;
        mso-style-link:"\526F\6807\9898 \5B57\7B26";
        margin-top:12.0pt;
        margin-right:0cm;
        margin-bottom:3.0pt;
        margin-left:0cm;
        text-align:center;
        line-height:130%;
        font-size:16.0pt;
        font-family:DengXian;
        font-weight:bold;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML \9884\8BBE\683C\5F0F \5B57\7B26";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:SimSun;}
span.1
        {mso-style-name:"\6807\9898 1 \5B57\7B26";
        mso-style-priority:9;
        mso-style-link:"\6807\9898 1";
        font-family:DengXian;
        font-weight:bold;}
span.HTML
        {mso-style-name:"HTML \9884\8BBE\683C\5F0F \5B57\7B26";
        mso-style-priority:99;
        mso-style-link:"HTML \9884\8BBE\683C\5F0F";
        font-family:SimSun;}
span.a
        {mso-style-name:"\526F\6807\9898 \5B57\7B26";
        mso-style-priority:11;
        mso-style-link:\526F\6807\9898;
        font-family:DengXian;
        font-weight:bold;}
span.apple-converted-space
        {mso-style-name:apple-converted-space;}
.MsoChpDefault
        {mso-style-type:export-only;}
/* Page Definitions */
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style>
</head>
<body lang="ZH-CN" link="blue" vlink="#954F72">
<div class="WordSection1">
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">Hi!<span class="apple-converted-space"> </span><br>
After so many searches in vain,<br>
I can’t find an actual example through Google, and I failed again and again with many procedures.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">Only the “…. -nodes rsa:1024…. ” sort of self-signed set of cert files can be used in
</span><span lang="EN-US">otp</span>’<span lang="EN-US">s ssl node-to-node communication</span><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">Below are the  failed ones<o:p></o:p></span></p>
<h1><span lang="EN-US">Procedure 1 succeeded but failed when used in otp</span>’<span lang="EN-US">s ssl</span></h1>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></b></p>
<p class="MsoSubtitle"><span lang="EN-US">Generation with aes256 encryption</span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></b></p>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">First, generate the key, csr and crt.</span></b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">
<b>Root CA, something like below</b><o:p></o:p></span></p>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">openssl genrsa -aes256 -out private/cakey.pem 1024<o:p></o:p></span></p>
<p style="background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">openssl req -new -key private/cakey.pem -out private/ca.csr -subj \<o:p></o:p></span></p>
<p style="background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">"/C=CN/ST=myprovince/L=mycity/O=myorganization/OU=mygroup/CN=myname"<o:p></o:p></span></p>
<p style="background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">openssl x509 -req -days 365 -sha1 -extensions v3_ca -signkey \<o:p></o:p></span></p>
<p style="background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">private/cakey.pem -in private/ca.csr -out certs/ca.cer<o:p></o:p></span></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">sign the server-side
<o:p></o:p></span></b></p>
<p style="background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">openssl genrsa -aes256 -out private/server-key.pem 1024<o:p></o:p></span></p>
<p style="background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">openssl req -new -key private/server-key.pem -out private/server.csr -subj \<o:p></o:p></span></p>
<p style="background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">"/C=CN/ST=myprovince/L=mycity/O=myorganization/OU=mygroup/CN=myname"<o:p></o:p></span></p>
<p style="background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">openssl x509 -req -days 365 -sha1 -extensions v3_req -CA certs/ca.cer -CAkey private/cakey.pem \<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">-CAserial ca.srl -CAcreateserial -in private/server.csr -out certs/server.cer<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></b></p>
<h1><span lang="EN-US">Procedure 2 succeeded but failed when used in otp</span>’<span lang="EN-US">s ssl</span></h1>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">OpenSSL config file, something like this (may not actually be)<o:p></o:p></span></b></p>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">Openssl.cnf<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">[ ca ]
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">default_ca = CA_own
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">[ CA_own ]
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">certs = .<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">new_certs_dir = ./db/certs<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">database = ./db/index<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">serial = ./db/serial<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">RANDFILE = ./db/rand<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">certificate = ./ca.cert.pem<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">private_key = ./ca.key.pem<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">default_days = 7300
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">default_crl_days = 30
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">default_md = sha1<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">preserve = no
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">policy = policy_anything
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">extensions = v3_ca
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">[ policy_anything ]
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">countryName = optional
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">stateOrProvinceName = optional
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">localityName = optional
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">organizationName = optional
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">organizationalUnitName = optional
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">commonName = supplied
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">emailAddress = optional
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">[ req ]
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">distinguished_name = req_distinguished_name
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">attributes = req_attributes
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">req_extensions = v3_req<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">[ req_distinguished_name ]
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">countryName = Country Name (2 letter code)
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">countryName_default = US
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">stateOrProvinceName = State or Province Name (full name)
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">stateOrProvinceName_default = New York
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">localityName = Locality Name (eg, city)
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">localityName_default = New York0
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">organizationName = Organization Name (eg, company)
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">organizationName_default = Microsoft Corp.
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">organizationalUnitName = Organizational Unit Name (eg, section)<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">commonName = Common Name (eg, YOUR name)
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">commonName_max = 64
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">emailAddress = Email Address
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">emailAddress_max = 64
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">[ req_attributes ]
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">challengePassword = A challenge password
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">challengePassword_min = 4
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">challengePassword_max = 20
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">unstructuredName = An optional company name
<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">unstructuredName_default = Microsoft<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">[ v3_ca ]<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">subjectKeyIdentifier=hash<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">authorityKeyIdentifier=keyid:always, issuer<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">basicConstraints = CA:true<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">[ v3_req ]<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">basicConstraints = CA:FALSE<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">keyUsage = nonRepudiation, digitalSignature, keyEncipherment<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">subjectAltName = @alt_names<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">[alt_names]<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">DNS.1 = rpslc_1@192.168.212.173<o:p></o:p></span></b></p>
<p style="background:white"><b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">DNS.2 = rpslc_2@192.168.212.173<o:p></o:p></span></b></p>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></b></p>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">First, generate the key, csr and crt.</span></b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">
<b>Root CA, something like below</b><o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:7.5pt;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">openssl genrsa -out ca.key.pem 2048<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">openssl req -x509 -new -nodes -key ca.key.pem -days 365 -out ca.cert.pem<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black"> <o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black"> <o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">openssl genpkey -genparam -algorithm EC -out ecdh.pem \<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">                                        -pkeyopt ec_paramgen_curve:brainpoolP512r1<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black"> <o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:7.5pt;margin-left:7.5pt"><span lang="EN-US" style="color:black">openssl req   -nodes  -new -newkey ec:ecdh.pem   -keyout  1ecdh.key.pem -out 1ecdh.csr.pem<o:p></o:p></span></pre>
</td>
</tr>
</tbody>
</table>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">sign</span></b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="margin:7.5pt"><span lang="EN-US" style="color:black">openssl ca -in 1ecdh.csr.pem  -out 1ecdh.crt.pem -config $CONF_FILE<o:p></o:p></span></pre>
</td>
</tr>
</tbody>
</table>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">and finally I get 8 files for 2 nodes to connect to each other<br>
ca.cert.pem<br>
ecdh.pem<br>
1ecdh.key.pem<br>
1ecdh.csr.pem<br>
1ecdh.crt.pem<br>
2ecdh.key.pem<br>
2ecdh.csr.pem<br>
2ecdh.crt.pem<o:p></o:p></span></p>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">baseOptions from app gen_rpc</span></b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:7.5pt;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">-</span><b><span lang="EN-US" style="color:#006699">define</span></b><span lang="EN-US" style="color:black">(</span><span lang="EN-US" style="color:#0066CC">SSL_DEFAULT_COMMON_OPTS</span><span lang="EN-US" style="color:black">, [binary,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {packet,0},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {header,0},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {exit_on_close,true},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {nodelay,true}, </span><span lang="EN-US" style="color:#008200">% Send our requests immediately</span><span lang="EN-US" style="color:black"><o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {send_timeout_close,true}, </span><span lang="EN-US" style="color:#008200">% When the socket times out, close the connection</span><span lang="EN-US" style="color:black"><o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {delay_send,false}, </span><span lang="EN-US" style="color:#008200">% Scheduler should favor timely delivery</span><span lang="EN-US" style="color:black"><o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {linger,{true,2}}, </span><span lang="EN-US" style="color:#008200">% Allow the socket to flush outgoing data for 2" before closing it - useful for casts</span><span lang="EN-US" style="color:black"><o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {reuseaddr,true}, </span><span lang="EN-US" style="color:#008200">% Reuse local port numbers</span><span lang="EN-US" style="color:black"><o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {keepalive,true}, </span><span lang="EN-US" style="color:#008200">% Keep our channel open</span><span lang="EN-US" style="color:black"><o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {tos,72}, </span><span lang="EN-US" style="color:#008200">% Deliver immediately</span><span lang="EN-US" style="color:black"><o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {active,false},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        </span><span lang="EN-US" style="color:#008200">%% SSL options</span><span lang="EN-US" style="color:black"><o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {ciphers,[</span><span lang="EN-US" style="color:blue">"ECDHE-ECDSA-AES256-GCM-SHA384"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDHE-RSA-AES256-GCM-SHA384"</span><span lang="EN-US" style="color:black">,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">                  </span><span lang="EN-US" style="color:blue">"ECDHE-ECDSA-AES256-SHA384"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDHE-RSA-AES256-SHA384"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDHE-ECDSA-DES-CBC3-SHA"</span><span lang="EN-US" style="color:black">,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">                  </span><span lang="EN-US" style="color:blue">"ECDH-ECDSA-AES256-GCM-SHA384"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDH-RSA-AES256-GCM-SHA384"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDH-ECDSA-AES256-SHA384"</span><span lang="EN-US" style="color:black">,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">                  </span><span lang="EN-US" style="color:blue">"ECDH-RSA-AES256-SHA384"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"DHE-DSS-AES256-GCM-SHA384"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"DHE-DSS-AES256-SHA256"</span><span lang="EN-US" style="color:black">,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">                  </span><span lang="EN-US" style="color:blue">"AES256-GCM-SHA384"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"AES256-SHA256"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDHE-ECDSA-AES128-GCM-SHA256"</span><span lang="EN-US" style="color:black">,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">                  </span><span lang="EN-US" style="color:blue">"ECDHE-RSA-AES128-GCM-SHA256"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDHE-ECDSA-AES128-SHA256"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDHE-RSA-AES128-SHA256"</span><span lang="EN-US" style="color:black">,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">                  </span><span lang="EN-US" style="color:blue">"ECDH-ECDSA-AES128-GCM-SHA256"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDH-RSA-AES128-GCM-SHA256"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDH-ECDSA-AES128-SHA256"</span><span lang="EN-US" style="color:black">,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">                  </span><span lang="EN-US" style="color:blue">"ECDH-RSA-AES128-SHA256"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"DHE-DSS-AES128-GCM-SHA256"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"DHE-DSS-AES128-SHA256"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"AES128-GCM-SHA256"</span><span lang="EN-US" style="color:black">,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">                  </span><span lang="EN-US" style="color:blue">"AES128-SHA256"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDHE-ECDSA-AES256-SHA"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDHE-RSA-AES256-SHA"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"DHE-DSS-AES256-SHA"</span><span lang="EN-US" style="color:black">,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">                  </span><span lang="EN-US" style="color:blue">"ECDH-ECDSA-AES256-SHA"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDH-RSA-AES256-SHA"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"AES256-SHA"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDHE-ECDSA-AES128-SHA"</span><span lang="EN-US" style="color:black">,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">                  </span><span lang="EN-US" style="color:blue">"ECDHE-RSA-AES128-SHA"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"DHE-DSS-AES128-SHA"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDH-ECDSA-AES128-SHA"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"ECDH-RSA-AES128-SHA"</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">"AES128-SHA"</span><span lang="EN-US" style="color:black">]},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {secure_renegotiate,true},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {reuse_sessions,true},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {versions,[</span><span lang="EN-US" style="color:blue">'tlsv1.2'</span><span lang="EN-US" style="color:black">,</span><span lang="EN-US" style="color:blue">'tlsv1.1'</span><span lang="EN-US" style="color:black">]},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {verify,verify_peer},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {hibernate_after,600000},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {active,false}]).<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black"> <o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">-</span><b><span lang="EN-US" style="color:#006699">define</span></b><span lang="EN-US" style="color:black">(</span><span lang="EN-US" style="color:#0066CC">SSL_DEFAULT_SERVER_OPTS</span><span lang="EN-US" style="color:black">, [{fail_if_no_peer_cert,true},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {log_alert,false},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {honor_cipher_order,true},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        {client_renegotiation,true}]).<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black"> <o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">-</span><b><span lang="EN-US" style="color:#006699">define</span></b><span lang="EN-US" style="color:black">(</span><span lang="EN-US" style="color:#0066CC">SSL_DEFAULT_CLIENT_OPTS</span><span lang="EN-US" style="color:black">, [{server_name_indication,disable},<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:7.5pt;margin-left:7.5pt"><span lang="EN-US" style="color:black">        {depth,99}]).<o:p></o:p></span></pre>
</td>
</tr>
</tbody>
</table>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">And extra options<o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:7.5pt;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">ssl_client_options: [<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">            certfile: certfile,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">            keyfile: keyfile,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">            cacertfile: </span><span lang="EN-US" style="color:blue">'./priv/ssl/ca.cert.pem'</span><span lang="EN-US" style="color:black">,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">            eccs: [:brainpool</span><span lang="EN-US" style="color:#0066CC">P512r1</span><span lang="EN-US" style="color:black">]<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">          <o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">            ],<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        ssl_server_options: [<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">            certfile: certfile,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">            keyfile: keyfile,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">            cacertfile: </span><span lang="EN-US" style="color:blue">'./priv/ssl/ca.cert.pem'</span><span lang="EN-US" style="color:black">,<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">            eccs: [:brainpool</span><span lang="EN-US" style="color:#0066CC">P512r1</span><span lang="EN-US" style="color:black">]<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">        <o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:7.5pt;margin-left:7.5pt"><span lang="EN-US" style="color:black">        ],<o:p></o:p></span></pre>
</td>
</tr>
</tbody>
</table>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">The two nodes are both on one CentOS system.<span class="apple-converted-space"> </span><br>
And when I try ssl:connect/4, I get the error below:<o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:7.5pt;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span style="color:black">“ <span lang="EN-US">tls_connection.erl:704:Fatal error: handshake failure - malformed_handshake_data</span>”<span lang="EN-US">;<o:p></o:p></span></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black"> <o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:7.5pt;margin-left:7.5pt"><span lang="EN-US" style="color:black">{tls_alert,"handshake failure"};<o:p></o:p></span></pre>
</td>
</tr>
</tbody>
</table>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">And when I try openssl s_client, I get the error below:<o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:7.5pt;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">openssl s_client -connect 192.168.212.173:5370  -cert 2.crt.pem -key 2.key.pem   -CAfile ca.cert.pem -cipher ECDH-RSA-AES256-GCM-SHA384  -debug<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">CONNECTED(00000003)<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">depth=1 C = CN, ST = cq, L = cq, O = s, OU = p, CN = botanyzh, emailAddress = botanyzh@live.cn<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">verify return:1<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">depth=0 C = US, ST = Uniden, L = 00abcdef1234, O = sprt, OU = potato, CN = rpslc_1@192.168.212.173, emailAddress = botanyzh@live.cn<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">verify return:1<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">140467656820416:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1493:SSL alert number 40<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">140467656820416:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black"> <o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">With extra  </span><span style="color:black">“<span lang="EN-US">-debug</span>”<span lang="EN-US"><o:p></o:p></span></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">write to 0x159aa30 [0x15acb00] (6 bytes => -1 (0xFFFFFFFFFFFFFFFF))<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:7.5pt;margin-left:7.5pt"><span lang="EN-US" style="color:black">write:errno=32<o:p></o:p></span></pre>
</td>
</tr>
</tbody>
</table>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">Please help me<o:p></o:p></span></p>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">About the ssl source</span></b><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333"><br>
The ECDH cert seems not to be usable with OTP's ssl.<br>
When I debugged, I found that the call from ssl_connection:handle_peer_cert_key/5 to public_key:generate_key/1 can never match.<o:p></o:p></span></p>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">The public_key interface is:<o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:7.5pt;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">generate_key(#</span><span lang="EN-US" style="color:blue">'DHParameter'</span><span lang="EN-US" style="color:black">{prime = P, base = G}) -><o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:deeppink">crypto:generate_key</span><span lang="EN-US" style="color:black">(dh, [P, G]);<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">generate_key({named</span><span lang="EN-US" style="color:#0066CC">Curve</span><span lang="EN-US" style="color:black">, _} = </span><span lang="EN-US" style="color:#0066CC">Params</span><span lang="EN-US" style="color:black">) -><o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">ec_generate_key(</span><span lang="EN-US" style="color:#0066CC">Params</span><span lang="EN-US" style="color:black">);<o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:0cm;margin-left:7.5pt;margin-bottom:.0001pt"><span lang="EN-US" style="color:black">generate_key(#</span><span lang="EN-US" style="color:blue">'ECParameters'</span><span lang="EN-US" style="color:black">{} = </span><span lang="EN-US" style="color:#0066CC">Params</span><span lang="EN-US" style="color:black">) -><o:p></o:p></span></pre>
</td>
</tr>
<tr>
<td valign="top" style="padding:0cm 0cm 0cm 0cm">
<pre style="mso-margin-top-alt:0cm;margin-right:7.5pt;margin-bottom:7.5pt;margin-left:7.5pt"><span lang="EN-US" style="color:black">ec_generate_key(</span><span lang="EN-US" style="color:#0066CC">Params</span><span lang="EN-US" style="color:black">).<o:p></o:p></span></pre>
</td>
</tr>
</tbody>
</table>
<p style="mso-margin-top-alt:7.5pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;background:white">
<span lang="EN-US" style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">But the argument passed in the call is {ecParameters, #'ECParameters'{} = Params}<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:12.0pt;font-family:SimSun"><o:p> </o:p></span></p>
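<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt">The clause mismatch described in the message above can be checked from the certificate side and from the library side. The module below is an added example, not part of the original message and not OTP's own code: the module name ec_param_check and its function names are hypothetical, and it assumes OTP 21 or later (for the Class:Reason:Stack catch syntax) with the records from public_key.hrl.<o:p></o:p></span></p>

```erlang
%% Added example (not from the original message, not OTP source).
%% Module and function names are hypothetical.
-module(ec_param_check).
-include_lib("public_key/include/public_key.hrl").
-export([cert_key_params/1, classify/1, report/1, probe_generate_key/0]).

%% Return the public-key algorithm parameters of the first certificate
%% in a PEM file, as public_key decodes them in 'otp' mode.
cert_key_params(PemFile) ->
    {ok, Pem} = file:read_file(PemFile),
    Ders = [D || {'Certificate', D, not_encrypted} <- public_key:pem_decode(Pem)],
    case Ders of
        [] ->
            {error, no_certificate};
        [Der | _] ->
            Cert = public_key:pkix_decode_cert(Der, otp),
            Tbs  = Cert#'OTPCertificate'.tbsCertificate,
            Spki = Tbs#'OTPTBSCertificate'.subjectPublicKeyInfo,
            Alg  = Spki#'OTPSubjectPublicKeyInfo'.algorithm,
            {ok, Alg#'PublicKeyAlgorithm'.parameters}
    end.

%% Classify the parameters term. The message reports that the wrapped
%% form {ecParameters, #'ECParameters'{}} is what reaches
%% public_key:generate_key/1 and that no clause accepts it.
classify({ok, {namedCurve, _Oid}})                -> named_curve;
classify({ok, {ecParameters, #'ECParameters'{}}}) -> explicit_parameters;
classify({ok, {implicitlyCA, _}})                 -> implicitly_ca;
classify({ok, _Other})                            -> not_ec;
classify({error, Reason})                         -> {error, Reason}.

%% Classify several PEM files at once, for example the client and
%% server certificates used by the two nodes.
report(PemFiles) ->
    [{File, classify(cert_key_params(File))} || File <- PemFiles].

%% Ask the running OTP release whether generate_key/1 has a clause for
%% the wrapped form. The record is constructed with default fields, so
%% key generation itself is expected to fail on any release; what
%% matters is where it fails. A function_clause raised by
%% public_key:generate_key/1 on this exact argument means no clause
%% matched, which is the behaviour the message describes.
probe_generate_key() ->
    Wrapped = {ecParameters, #'ECParameters'{}},
    try public_key:generate_key(Wrapped) of
        _Key -> clause_present
    catch
        error:function_clause:Stack ->
            case Stack of
                [{public_key, generate_key, [Wrapped], _} | _] ->
                    no_matching_clause;
                _ ->
                    clause_present
            end;
        _Class:_Reason ->
            clause_present
    end.
```

<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt">For example, ec_param_check:report(["2.crt.pem"]) classifies the client certificate named in the openssl command above; a result of explicit_parameters together with no_matching_clause from ec_param_check:probe_generate_key() corresponds to the situation the message describes.<o:p></o:p></span></p>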
</div>
</body>
</html>