Differences between revisions 4 and 6 (spanning 2 versions)
Revision 4 as of 2017-08-02 23:19:53
Size: 565
Editor: PieterSmit
Comment:
Revision 6 as of 2017-08-04 20:09:23
Size: 789
Editor: PieterSmit
Comment:
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:
 * Steps  * Steps - New CA - Delete all old keys.
Line 22: Line 22:
## dont use ./build-dh use openvpn to gen 2x keys.
../keys$ openvpn --genkey --secret dh2048.pem
Line 23: Line 26:

 * Steps - New Cert
   {{{
./pkitool --server myserver
./pkitool myclient

}}}

OpenSSL easy-rsa ca and cert creation

  • Links: Linux/OpenSSL , security/ssl

  • 201707 install with  sudo apt install easy-rsa 

  • Note {{{ As you create certificates, keys, and
    • certificate signing requests, understand that only .key files should be kept confidential.
    • crt and .csr files can be sent over insecure channels such as plaintext email. }}}
  • Steps - New CA - Delete all old keys. 
    • ~$ make-cadir rsaOpenVpn
~$ cd rsaOpenVpn
~/rsaOpenVpn$ 
gvim vars
bash vars
./clean-all
./build-ca
ls keys
## dont use ./build-dh use openvpn to gen 2x keys.
../keys$ openvpn --genkey --secret dh2048.pem
  • Steps - New Cert 
    • ./pkitool --server myserver
./pkitool myclient

...

easy-rsa (last edited 2017-08-04 20:09:23 by PieterSmit)