Certificates

From Smop.co.uk

Jump to: navigation, search

I use "easy-rsa" from OpenVPN to manage my certificate needs.

Setup

cp -a /usr/share/doc/openvpn/examples/easy-rsa/ /etc
cd /etc/easy-rsa
edit vars to you needs
- country is "GB" for England (UK is Ukraine, GB _should_ be Gibraltar)
edit openssl.cnf if required
- by default certificates are valid for 10 years
. ./vars
./clean-all

CA and DH setup

./build-ca
- I entered ca.smop.co.uk for the common name
./build-dh

Certificate generation

You can use "build-req" and "sign-req" if you wish to, however there are several shorter options:

./build-key name (no password protection)
./build-key-padd name (password protected)
./build-key-pkcs12 (PKCS #12 format)
./build-key-server name (nsCertType=server - used by openvpn to avoid MitM attacks)

Retrieved from "http://www.smop.co.uk/mediawiki/index.php/Certificates"

Views

Personal tools

Log in

Search

Toolbox