Standard CSR mit neuen Key:
openssl req -out server.csr -new -sha512 -newkey rsa:4096 -nodes -keyout server.keyStandard CSR mit alten Key;
openssl req -out server.csr -new -sha512 -key server.key
Self-signed Certificate:
openssl req -x509 -sha512 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt
Certificate Authority (CA) Certificate:
openssl genrsa -aes256 -out ca.key 4096 openssl req -new -sha512 -key ca.key -out ca.csr openssl x509 -sha512 -req -days 1825 -in ca.csr -signkey ca.key -out ca.crt openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365
Client Certificate:
openssl genrsa -aes256 -out client.key 4096 openssl req -nodes -new -sha512 -key client.key -out client.csr openssl ca -cert ca.crt -keyfile ca.key -out client.crt -in client.csr openssl pkcs12 -export -inkey client.key -name "Client" -in client.crt -certfile ca.crt -out client.p12
VPN Server Certificate:
openssl genrsa -aes256 -out server.key 4096 openssl req -nodes -new -key server.key -out server.csr openssl x509 -sha512 -req -days 730 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -extfile vpn.conf
vpn.conf:
extendedKeyUsage = serverAuth, 1.3.6.1.5.5.8.2.2 subjectAltName = DNS:vpn.doebl.eu
SAN Server Certificate:
openssl genrsa -aes256 -out server.key 4096 openssl req -nodes -new -sha512 -key server.key -out server.csr -config server.conf
san.conf:
[req] distinguished_name = req_distinguished_name req_extensions = v3_req prompt = no [req_distinguished_name] C = EU ST = L = O = Doebl OU = WIKI CN = wiki.doebl.eu [v3_req] keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1 = wiki.doebl.eu DNS.2 = wiki2.doebl.eu