Standard:
# Self-signed server certificate (no CA involved).

# 1) 4096-bit RSA key; -des3 encrypts the key file with a passphrase you are prompted for.
openssl genrsa -des3 -out server.key 4096

# 2) Certificate signing request for that key. -sha512 here only sets the digest
#    used to sign the request itself.
openssl req -new -sha512 -key server.key -out server.csr

# 3) Rewrites server.key in place WITHOUT the passphrase (so a daemon can start unattended).
#    From this point the private key is stored unencrypted: keep it readable by the
#    service account only (e.g. mode 600) and out of backups and version control.
openssl rsa -in server.key -out server.key

# 4) Self-sign the request with its own key, valid for 365 days.
#    No digest option is passed here, so the certificate signature uses OpenSSL's default digest.
openssl x509 -req \
    -days 365 \
    -in server.csr \
    -signkey server.key \
    -out server.crt
Certificate Authority (CA) Certificate:
# Self-signed root certificate for a private CA.

# 1) CA private key, 4096-bit RSA, passphrase-protected (-des3). There is no
#    "openssl rsa" step here, so ca.key stays encrypted on disk.
openssl genrsa -des3 -out ca.key 4096

# 2) Signing request for the CA key (request signed with SHA-512).
openssl req -new -sha512 -key ca.key -out ca.csr

# 3) Self-sign the request with the CA key; 1825 days is roughly five years.
#    NOTE(review): no -extfile/-extensions is passed, so no extensions are requested
#    on this command line. Check with "openssl x509 -in ca.crt -noout -text" that the
#    result carries basicConstraints CA:TRUE before relying on it as a trust anchor.
openssl x509 -req \
    -in ca.csr \
    -signkey ca.key \
    -days 1825 \
    -out ca.crt
Client Certificate:
# Client certificate issued by the CA above and packaged as PKCS#12.

# 1) Client private key, 4096-bit RSA, passphrase-protected.
openssl genrsa -des3 -out client.key 4096

# 2) Signing request for the client key (request signed with SHA-512).
openssl req -new -sha512 -key client.key -out client.csr

# 3) Issue the certificate with the CA key. No -config, -days or -extensions is given,
#    so the CA database, validity and extensions come from the OpenSSL configuration
#    file in effect on this machine - review that file before issuing.
openssl ca \
    -in client.csr \
    -cert ca.crt \
    -keyfile ca.key \
    -out client.crt

# 4) Bundle client key, client certificate and CA certificate into client.p12
#    ("Client" is the friendly name shown by the importing application).
#    The .p12 contains the private key: set a strong export password and
#    hand the file over through a protected channel.
openssl pkcs12 -export \
    -name "Client" \
    -inkey client.key \
    -in client.crt \
    -certfile ca.crt \
    -out client.p12
VPN Server Certificate:
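# VPN server certificate signed by the private CA (ca.crt / ca.key).

# 1) Server private key, 4096-bit RSA, passphrase-protected.
openssl genrsa -des3 -out server.key 4096

# 2) Signing request; -sha512 matches the digest used for the other requests on this page.
openssl req -new -sha512 -key server.key -out server.csr

# 3) Sign the request with the CA for 730 days and add the extensions from vpn.conf
#    (no -extensions is given, so the default section of vpn.conf is used).
#    -CAcreateserial replaces the fixed "-set_serial 01": a hard-coded serial gives
#    every certificate issued with this recipe the same issuer+serial pair, which
#    breaks revocation by serial and is rejected by some clients. The serial is now
#    tracked in a serial file next to the CA certificate, which OpenSSL creates on
#    first use.
openssl x509 -req \
    -days 730 \
    -in server.csr \
    -CA ca.crt \
    -CAkey ca.key \
    -CAcreateserial \
    -out server.crt \
    -extfile vpn.conf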
vpn.conf:
# Extension file for "openssl x509 -extfile vpn.conf". There is no [section] header,
# so both directives live in the default section.

# serverAuth is the TLS server-authentication purpose. 1.3.6.1.5.5.8.2.2 is given as a
# raw OID; it is the IKE-intermediate purpose that some IPsec clients expect
# (NOTE(review): confirm your VPN client actually requires it).
extendedKeyUsage = serverAuth, 1.3.6.1.5.5.8.2.2

# Host name the client checks the certificate against.
subjectAltName = DNS:vpn.doebl.eu
SAN Server Certificate:
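# Self-signed server certificate carrying several host names (subjectAltName).

# 1) Server private key, 4096-bit RSA, passphrase-protected.
openssl genrsa -des3 -out server.key 4096

# 2) Signing request for that key.
openssl req -new -key server.key -out server.csr

# 3) Self-sign the request and attach the extensions from san.conf.
#    The "x509" subcommand was missing from this line, and x509 has no -config option:
#    extensions are read with -extfile, and the section to use has to be named with
#    -extensions (here the [v3_req] section of san.conf, which pulls in [alt_names]).
#    No -days is given, so OpenSSL's short default validity applies; add -days N
#    for the lifetime you actually want.
#    Verify the result: openssl x509 -in server.crt -noout -text  (look for
#    "X509v3 Subject Alternative Name").
openssl x509 -req \
    -in server.csr \
    -signkey server.key \
    -out server.crt \
    -extfile san.conf \
    -extensions v3_req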
san.conf:
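# san.conf - OpenSSL configuration for the SAN server certificate.
#
# The [req] section is only read by "openssl req -config san.conf"; its
# x509_extensions setting takes effect with "openssl req -x509". When the certificate
# is produced with "openssl x509 -req", pass this file with -extfile and select the
# extension section explicitly with -extensions v3_req.

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
# prompt = no: take the subject from [req_distinguished_name] instead of asking.
prompt = no

[req_distinguished_name]
C = EU
# NOTE(review): ST and L are empty. With prompt = no, "openssl req" may refuse empty
# values - fill them in or remove both lines before using this file with req.
ST =
L =
O = Doebl
OU = VPN
CN = vpn.doebl.eu

[v3_req]
# digitalSignature added: the key signs the handshake in ephemeral (DHE/ECDHE)
# TLS key exchange and in IKE signature authentication, and clients that enforce
# keyUsage reject a certificate that only allows encipherment.
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

# Every host name the server is reached under must be listed here; clients match
# against these entries.
[alt_names]
DNS.1 = vpn.doebl.eu
DNS.2 = vpn2.doebl.eu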
