#format wiki
#language en
= OpenSSL easy-rsa ca and cert creation =
 * Links: [[Linux/OpenSSL]], [[security/ssl]]
 * 2017-07: install with {{{ sudo apt install easy-rsa }}}
 * Note {{{ As you create certificates, keys, and
   certificate signing requests, understand that
   only .key files should be kept confidential.
   .crt and .csr files can be sent over insecure
   channels such as plaintext email. }}}

 * Steps - New CA - Delete all old keys.
   {{{
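~$ make-cadir rsaOpenVpn
~$ cd rsaOpenVpn
~/rsaOpenVpn$ gvim vars
## source vars so the exported KEY_* settings reach this shell
## (running it with "bash vars" sets them only in a child shell)
~/rsaOpenVpn$ source ./vars
~/rsaOpenVpn$ ./clean-all
~/rsaOpenVpn$ ./build-ca
~/rsaOpenVpn$ ls keys
## don't use ./build-dh; use openvpn to gen 2x keys.
## note: --genkey --secret writes an OpenVPN static key (a shared secret,
## as used with --secret or --tls-auth), not Diffie-Hellman parameters
../keys$ openvpn --genkey --secret dh2048.pem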
}}}

 * Steps - New Cert
   {{{
## run in the CA directory, in a shell where vars has been sourced
./pkitool --server myserver
./pkitool myclient
}}}
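
 * Check after issuing: the script below is an added example, not part of the original notes or of easy-rsa. It lists any .key file under the keys directory that group or other can access, and any .crt that does not verify against ca.crt. The script name audit-keys.sh and the function names are made up here; the easy-rsa 2.x layout (keys/ca.crt, keys/<name>.crt, keys/<name>.key) is assumed.

```shell
#!/bin/sh
# Added example: audit an easy-rsa keys directory after issuing certificates.
# Assumes the easy-rsa 2.x layout: keys/ca.crt, keys/<name>.crt, keys/<name>.key

# Print every *.key file that group or other can read, write or execute.
# Returns 0 when there are none, 1 otherwise.
loose_keys() {
    lk_found=$(find "$1" -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -z "$lk_found" ]; then
        return 0
    fi
    printf '%s\n' "$lk_found"
    return 1
}

# Check that every issued certificate verifies against keys/ca.crt.
# Prints the ones that do not; returns 0 when all verify, 1 otherwise.
unverified_certs() {
    uc_bad=0
    for uc_crt in "$1"/*.crt; do
        [ -e "$uc_crt" ] || continue
        if [ "$uc_crt" = "$1/ca.crt" ]; then continue; fi
        if ! openssl verify -CAfile "$1/ca.crt" "$uc_crt" >/dev/null 2>&1; then
            printf '%s\n' "$uc_crt"
            uc_bad=1
        fi
    done
    return "$uc_bad"
}

# Run both checks when a directory is given (hypothetical script name):
#   sh audit-keys.sh ~/rsaOpenVpn/keys
if [ -n "${1:-}" ]; then
    status=0
    loose_keys "$1" || status=1
    unverified_certs "$1" || status=1
    exit "$status"
fi
```
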


...