[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] creating certificates without the scripts


  • Subject: Re: [Openvpn-users] creating certificates without the scripts
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Mon, 03 Dec 2007 09:45:49 +0100

gandalf istari wrote:
> I don't want to use the existing scripts for creating certificates 
> because i have already a working pki with serveral certs for websites 
> and other all under one CA root, and its pub key is given to several 
> clients.
>
> I supose for the server certificate i can create on the same way as an 
> web certificate:
> openssl ca -in blabla.req -out blabla.cer -days 3650 -config 
> /etc/openssl.cnf
>
> but how do i create certificates for the clients the same way as above ?
>
>
Yep. the "generic" way to generate an OpenSSL certificate is

1. generate a certificate signing request, e.g.
  openssl req -new -keyout blabla.key -out blabla.req -newkey rsa:1024 
-subj "whatever"
2. sign the CSR with the CA certificate+public key e.g.
  openssl -req cert.req -CA ca.crt -CAkey ca.key -out blabla.crt -days 
3650 -config /etc/openssl.cnf
or using the 'openssl ca' command

presto!

HTH,

JJK

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users