Differences between revisions 3 and 5 (spanning 2 versions)

OpenSSL easy-rsa ca and cert creation

Links: Linux/OpenSSL , security/ssl
201707 install with sudo apt install easy-rsa
Note {{{ As you create certificates, keys, and
- certificate signing requests, understand that only .key files should be kept confidential.
- crt and .csr files can be sent over insecure channels such as plaintext email. }}}

Steps - New CA - Delete all old keys.

~$ make-cadir rsaOpenVpn
~$ cd rsaOpenVpn
~/rsaOpenVpn$ 
gvim vars
bash vars
./clean-all
./build-ca
ls keys
./build-dh      ##keys/dh2048.pem

Steps - New Cert

./pkitool --server myserver
./pkitool myclient

...

-  ⇤ ← Revision 3 as of 2017-08-02 23:10:41 → 
  Size: 495
  Editor: PieterSmit
  Comment:
+   ← Revision 5 as of 2017-08-02 23:25:22 → ⇥
  Size: 723
  Editor: PieterSmit
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 12:
- * Steps
+ * Steps - New CA - Delete all old keys.
 Line 16:
+~/rsaOpenVpn$ 
gvim vars
bash vars
./clean-all
./build-ca
ls keys
./build-dh      ##keys/dh2048.pem
}}}

 * Steps - New Cert
   {{{
./pkitool --server myserver
./pkitool myclient
-Line 18:
+Line 31: