Zertifikate für openvpn: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (2 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 13: | Zeile 13: | ||
Common Name (e.g. server FQDN or YOUR name) []:'''lab34-ca''' | Common Name (e.g. server FQDN or YOUR name) []:'''lab34-ca''' | ||
Email Address []:. | Email Address []:. | ||
| + | =Variable setzen= | ||
| + | *COMMONNAME="firewall.lab34.linuggs.de" | ||
| + | |||
| + | =Request für openvpn erstellen= | ||
| + | *openssl req -new -key $COMMONNAME.key -out $COMMONNAME.csr | ||
| + | Country Name (2 letter code) [AU]:. | ||
| + | State or Province Name (full name) [Some-State]:. | ||
| + | Locality Name (eg, city) []:. | ||
| + | Organization Name (eg, company) [Internet Widgits Pty Ltd]:. | ||
| + | Organizational Unit Name (eg, section) []:. | ||
| + | Common Name (e.g. server FQDN or YOUR name) []:'''firewall.lab34.linuggs.de''' | ||
| + | Email Address []:. | ||
| + | =Request signieren= | ||
| + | *openssl x509 -req -days 730 -in $COMMONNAME.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out $COMMONNAME.crt | ||
| + | =Zertifikat angeigen= | ||
| + | *openssl x509 -noout -text -in ${COMMONNAME}.crt | ||
Aktuelle Version vom 6. Oktober 2024, 14:26 Uhr
CA Pirvate Key erstellen
- openssl genrsa -aes256 -out ca.key 4096
Enter PEM pass phrase: Verifying - Enter PEM pass phrase:
CA Zertifikat erstellen
- openssl req -new -key ca.key -x509 -days 3650 -out ca.crt
Enter pass phrase for ca.key: Country Name (2 letter code) [AU]:. State or Province Name (full name) [Some-State]:. Locality Name (eg, city) []:. Organization Name (eg, company) [Internet Widgits Pty Ltd]:. Organizational Unit Name (eg, section) []:. Common Name (e.g. server FQDN or YOUR name) []:lab34-ca Email Address []:.
Variable setzen
- COMMONNAME="firewall.lab34.linuggs.de"
Request für openvpn erstellen
- openssl req -new -key $COMMONNAME.key -out $COMMONNAME.csr
Country Name (2 letter code) [AU]:. State or Province Name (full name) [Some-State]:. Locality Name (eg, city) []:. Organization Name (eg, company) [Internet Widgits Pty Ltd]:. Organizational Unit Name (eg, section) []:. Common Name (e.g. server FQDN or YOUR name) []:firewall.lab34.linuggs.de Email Address []:.
Request signieren
- openssl x509 -req -days 730 -in $COMMONNAME.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out $COMMONNAME.crt
Zertifikat angeigen
- openssl x509 -noout -text -in ${COMMONNAME}.crt