Creating CA, server and client certificates using OpenSSL for SSL VPN
Prerequisites:
1. Change to the SSL working directory: cd /opt/edoceo/etc/ssl
2. OpenSSL root CA configuration file (download link on the original page). Copy it to '/opt/edoceo/etc/ssl/openssl.cnf'; the openssl commands below reference it as openssl.cnf in the working directory.
3. Create the following folders and files:
mkdir certs crl newcerts private csr
chmod 700 private
touch index.txt
echo 1000 > serial
Root CA certificate creation:
1. Create the root key:
openssl genrsa -aes256 -out private/ca.key.pem 4096
chmod 400 private/ca.key.pem
2. Create the root certificate:
openssl req -config openssl.cnf -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out certs/ca.cert.pem
chmod 444 certs/ca.cert.pem
3. Verify the root certificate:
openssl x509 -noout -text -in certs/ca.cert.pem
Server certificate creation:
1. Create a key:
openssl genrsa -aes256 -out private/www.itzecurity.in.key.pem 2048
chmod 400 private/www.itzecurity.in.key.pem
2. Create a CSR and sign it with the CA:
openssl req -config openssl.cnf -key private/www.itzecurity.in.key.pem -new -sha256 -out csr/www.itzecurity.in.csr.pem
openssl ca -config openssl.cnf -extensions server_cert -days 375 -notext -md sha256 -in csr/www.itzecurity.in.csr.pem -out certs/www.itzecurity.in.cert.pem
chmod 444 certs/www.itzecurity.in.cert.pem
3. Verify the certificate:
openssl x509 -noout -text -in certs/www.itzecurity.in.cert.pem
openssl verify -CAfile certs/ca.cert.pem certs/www.itzecurity.in.cert.pem
Client certificate creation:
1. Create the client key:
openssl genrsa -des3 -out private/client.key.pem 1024
chmod 400 private/client.key.pem
2. Create a certificate signing request (CSR):
openssl req -key private/client.key.pem -new -out csr/client.csr.pem
chmod 400 csr/client.csr.pem
3. Sign the client certificate with the CA (this uses openssl x509 -req with a fixed serial instead of openssl ca, so index.txt and serial are not updated):
openssl x509 -req -days 365 -in csr/client.csr.pem -CA certs/ca.cert.pem -CAkey private/ca.key.pem -set_serial 02 -out certs/user1.cert.pem
chmod 400 certs/user1.cert.pem
4. Verify the certificate:
openssl x509 -noout -text -in certs/user1.cert.pem
openssl verify -CAfile certs/ca.cert.pem certs/user1.cert.pem
5. Convert to PKCS12:
openssl pkcs12 -export -in certs/user1.cert.pem -inkey private/client.key.pem -certfile certs/ca.cert.pem -name "user1" -out certs/user1.p12
openssl pkcs12 -in certs/user1.p12 -noout -info
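Added example, not part of the original how-to: a check script for the server and client certificates produced by the steps above, which verifies the chain to the CA, the RSA key size and the extendedKeyUsage of the leaf. It assumes OpenSSL 1.1.1 or later (for the "openssl x509 -ext" option) and takes the certificate paths as arguments.

```shell
#!/bin/sh
# Added example, not part of the original how-to: sanity-check a leaf
# certificate before it is handed to the VPN.  It checks that the certificate
# chains to the CA, that the RSA key is at least 2048 bits (the client step
# above generates a 1024-bit key, which current TLS stacks refuse), and that
# the extendedKeyUsage names the intended role.
# Usage: check_vpn_cert <ca.cert.pem> <leaf.cert.pem> <server|client>
# Assumes OpenSSL 1.1.1 or later (for "openssl x509 -ext").

check_vpn_cert() {
    ca="$1"; cert="$2"; role="$3"
    case "$role" in
        server) purpose=sslserver; eku="TLS Web Server Authentication" ;;
        client) purpose=sslclient; eku="TLS Web Client Authentication" ;;
        *) echo "role must be server or client" >&2; return 2 ;;
    esac

    # 1. Chain and purpose: the issuer must be in the CA file and marked
    #    CA:TRUE, and the leaf must be usable for this purpose.
    if ! openssl verify -purpose "$purpose" -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca for $purpose" >&2
        return 1
    fi

    # 2. Key strength: read the public key size from the certificate text.
    bits=$(openssl x509 -noout -text -in "$cert" \
           | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ -z "$bits" ] || [ "$bits" -lt 2048 ]; then
        echo "FAIL: $cert key is ${bits:-?} bits, need at least 2048" >&2
        return 1
    fi

    # 3. extendedKeyUsage must name the role explicitly; a leaf without any
    #    EKU would pass the -purpose check, so require it here.
    if ! openssl x509 -noout -ext extendedKeyUsage -in "$cert" 2>/dev/null \
            | grep -q "$eku"; then
        echo "FAIL: $cert has no extendedKeyUsage '$eku'" >&2
        return 1
    fi

    echo "OK: $cert is a $role certificate issued by $ca"
    return 0
}

# Example with the paths used in this how-to:
# check_vpn_cert certs/ca.cert.pem certs/user1.cert.pem client
```

The client certificate from the steps above fails the key-size check until it is regenerated with a 2048-bit key; the check also fails for a server certificate presented as a client certificate, since the signing step controls the extendedKeyUsage.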
Compressing the files (note that the archive includes the private/ directory with the CA, server and client keys, so the copy under /var/www/html must not be reachable from the web):
sudo tar cvzf sslramesh.gz /opt/edoceo/etc/ssl
sudo cp sslramesh.gz /var/www/html/ssl