I have been writing socket programs that run on internal networks for some time now. Now I would like to add proper SSL/TLS support. I do not have a registered domain. I do have DDNS. Would Let's Encrypt work to test how things work? Or do I need a full domain even for learning purposes? I know there is an OpenSSL developer certificate that I have already played with. I would like to try it on my own time with a proper certificate before I pitch my work to my clients. So please let me know about DDNS. I am not interested in web development, ASP, etc. Maybe some wss:// WebSockets.
My development is on Ubuntu 20.04 right now. I am running
$ certbot --version
certbot 1.9.0
What I am looking for is suggestions about how to generate the "best/secure" certificate for BSD sockets.
- I see quite a few examples of web server certificates but very little about socket certificates.
- Is there a difference in how each certificate is generated?
- From my reading, I have to renew the certificate every 90 days. If, let's say, I renew in 89 days, do I have to restart my server for the new certificate to be loaded? Or is the certificate file read from the SSD on each new socket connection, so no reboot is required?
- Does anyone have good sample code that demonstrates all the necessary steps for initializing secure sockets? I would like to see the steps and APIs used so I can go through them one by one and study them.
Thank you all