Differences between revisions 5 and 6
Revision 5 as of 2017-08-02 23:25:22
Size: 723
Editor: PieterSmit
Comment:
Revision 6 as of 2017-08-04 20:09:23
Size: 789
Editor: PieterSmit
Comment:
Deletions are marked like this. Additions are marked like this.
Line 22: Line 22:
./build-dh ##keys/dh2048.pem ## dont use ./build-dh use openvpn to gen 2x keys.
../keys$ openvpn --genkey --secret dh2048.pem

OpenSSL easy-rsa ca and cert creation

  • Links: Linux/OpenSSL , security/ssl

  • 201707 install with  sudo apt install easy-rsa 

  • Note {{{ As you create certificates, keys, and
    • certificate signing requests, understand that only .key files should be kept confidential.
    • crt and .csr files can be sent over insecure channels such as plaintext email. }}}
  • Steps - New CA - Delete all old keys.
    • ~$ make-cadir rsaOpenVpn
      ~$ cd rsaOpenVpn
      ~/rsaOpenVpn$ 
      gvim vars
      bash vars
      ./clean-all
      ./build-ca
      ls keys
      ## dont use ./build-dh use openvpn to gen 2x keys.
      ../keys$ openvpn --genkey --secret dh2048.pem
  • Steps - New Cert
    • ./pkitool --server myserver
      ./pkitool myclient

...

easy-rsa (last edited 2017-08-04 20:09:23 by PieterSmit)