184
Comment:
|
← Revision 6 as of 2017-08-04 20:09:23 ⇥
789
|
Deletions are marked like this. | Additions are marked like this. |
Line 6: | Line 6: |
* Note {{{ As you create certificates, keys, and certificate signing requests, understand that only .key files should be kept confidential. .crt and .csr files can be sent over insecure channels such as plaintext email. }}} * Steps - New CA - Delete all old keys. {{{ ~$ make-cadir rsaOpenVpn ~$ cd rsaOpenVpn ~/rsaOpenVpn$ gvim vars bash vars ./clean-all ./build-ca ls keys ## dont use ./build-dh use openvpn to gen 2x keys. ../keys$ openvpn --genkey --secret dh2048.pem }}} * Steps - New Cert {{{ ./pkitool --server myserver ./pkitool myclient }}} |
OpenSSL easy-rsa ca and cert creation
Links: Linux/OpenSSL , security/ssl
201707 install with sudo apt install easy-rsa
- Note {{{ As you create certificates, keys, and
- certificate signing requests, understand that only .key files should be kept confidential.
- crt and .csr files can be sent over insecure channels such as plaintext email. }}}
- Steps - New CA - Delete all old keys.
~$ make-cadir rsaOpenVpn ~$ cd rsaOpenVpn ~/rsaOpenVpn$ gvim vars bash vars ./clean-all ./build-ca ls keys ## dont use ./build-dh use openvpn to gen 2x keys. ../keys$ openvpn --genkey --secret dh2048.pem
- Steps - New Cert
./pkitool --server myserver ./pkitool myclient
...