|
|
gandalf istari wrote: > I don't want to use the existing scripts for creating certificates > because i have already a working pki with serveral certs for websites > and other all under one CA root, and its pub key is given to several > clients. > > I supose for the server certificate i can create on the same way as an > web certificate: > openssl ca -in blabla.req -out blabla.cer -days 3650 -config > /etc/openssl.cnf > > but how do i create certificates for the clients the same way as above ? > > Yep. the "generic" way to generate an OpenSSL certificate is 1. generate a certificate signing request, e.g. openssl req -new -keyout blabla.key -out blabla.req -newkey rsa:1024 -subj "whatever" 2. sign the CSR with the CA certificate+public key e.g. openssl -req cert.req -CA ca.crt -CAkey ca.key -out blabla.crt -days 3650 -config /etc/openssl.cnf or using the 'openssl ca' command presto! HTH, JJK ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |