565
Comment:
|
723
|
Deletions are marked like this. | Additions are marked like this. |
Line 12: | Line 12: |
* Steps | * Steps - New CA - Delete all old keys. |
Line 22: | Line 22: |
./build-dh ##keys/dh2048.pem | |
Line 23: | Line 24: |
* Steps - New Cert {{{ ./pkitool --server myserver ./pkitool myclient }}} |
OpenSSL easy-rsa ca and cert creation
Links: Linux/OpenSSL , security/ssl
201707 install with sudo apt install easy-rsa
- Note {{{ As you create certificates, keys, and
- certificate signing requests, understand that only .key files should be kept confidential.
- crt and .csr files can be sent over insecure channels such as plaintext email. }}}
- Steps - New CA - Delete all old keys.
~$ make-cadir rsaOpenVpn ~$ cd rsaOpenVpn ~/rsaOpenVpn$ gvim vars bash vars ./clean-all ./build-ca ls keys ./build-dh ##keys/dh2048.pem
- Steps - New Cert
./pkitool --server myserver ./pkitool myclient
...