Differences between revisions 1 and 6 (spanning 5 versions)

OpenSSL easy-rsa ca and cert creation

Links: Linux/OpenSSL , security/ssl
201707 install with sudo apt install easy-rsa
Note {{{ As you create certificates, keys, and
- certificate signing requests, understand that only .key files should be kept confidential.
- crt and .csr files can be sent over insecure channels such as plaintext email. }}}

Steps - New CA - Delete all old keys.

~$ make-cadir rsaOpenVpn
~$ cd rsaOpenVpn
~/rsaOpenVpn$ 
gvim vars
bash vars
./clean-all
./build-ca
ls keys
## dont use ./build-dh use openvpn to gen 2x keys.
../keys$ openvpn --genkey --secret dh2048.pem

Steps - New Cert

./pkitool --server myserver
./pkitool myclient

...

-  ⇤ ← Revision 1 as of 2017-08-02 23:01:30 → 
  Size: 170
  Editor: PieterSmit
  Comment:
+   ← Revision 6 as of 2017-08-04 20:09:23 → ⇥
  Size: 789
  Editor: PieterSmit
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 4:
- * Links: [[Linux/OpenSSL]] , [[
+ * Links: [[Linux/OpenSSL]] , [[security/ssl]]
 Line 6:
+ * Note {{{ As you create certificates, keys, and
   certificate signing requests, understand that
   only .key files should be kept confidential.
   .crt and .csr files can be sent over insecure
   channels such as plaintext email. }}}

 * Steps - New CA - Delete all old keys.
   {{{
~$ make-cadir rsaOpenVpn
~$ cd rsaOpenVpn
~/rsaOpenVpn$ 
gvim vars
bash vars
./clean-all
./build-ca
ls keys
## dont use ./build-dh use openvpn to gen 2x keys.
../keys$ openvpn --genkey --secret dh2048.pem

}}}

 * Steps - New Cert
   {{{
./pkitool --server myserver
./pkitool myclient

}}}