Install the certtool CLI command
Debian
# GnuTLS command-line tools; certtool ships in gnutls-bin on Debian/Ubuntu.
sudo apt-get install gnutls-bin
CentOS
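# The package name was missing: on CentOS/RHEL certtool ships in gnutls-utils.
sudo yum install gnutls-utils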
Generate CA Certs and Keys
Generate CA Template
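# Write the CA template. The delimiter is quoted so nothing inside is subject
# to shell expansion; certtool ignores the '#' comment lines.
cat <<'_EOF_' >ca.template
# Certificate Authority Certificate
# X.509 Certificate options
#
# DN options

# The organization of the subject.
organization = "YourOrg"

# The organizational unit of the subject.
unit = "YourDepartment"

# The state of the certificate owner.
state = "YourState"

# The country of the subject. Two letter code (e.g. US).
country = YourCountry

# The common name of the certificate owner.
cn = "YourCommonName"

# The serial number of the certificate. Should be incremented each time
# a new certificate is generated.
serial = 001

# In how many days, counting from today, this certificate will expire.
# Every server and client certificate issued below must be re-issued
# before this date.
expiration_days = 3650

# Whether this is a CA certificate or not
ca

# Whether this key will be used to sign other certificates.
cert_signing_key

# Whether this key will be used to sign CRLs.
crl_signing_key
_EOF_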
Generate CA Private Key
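# Generate the CA private key. --sec-param high asks certtool for a key size
# it currently rates as strong instead of the default. This key is the root
# of trust for every VPN identity below: keep it offline and restrict access
# (certtool can also write it encrypted with --pkcs8, which prompts for a
# passphrase).
certtool --generate-privkey --sec-param high --outfile ca-key.pem
chmod 600 ca-key.pem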
Generate CA Self Signed Certificate
# Self-sign the CA key using ca.template. ca-cert.pem is what every peer
# will trust, so it (never ca-key.pem) is what gets distributed.
certtool --generate-self-signed \
  --load-privkey ca-key.pem \
  --template ca.template \
  --outfile ca-cert.pem
Generating Server Certs and Keys
Generate Server Template
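# Write the server template. Clients match the host name against dns_name
# (the Subject Alternative Name), not against cn, so dns_name must be the
# exact name users connect to.
cat <<'_EOF_' >server.template
cn = "VPN server"
dns_name = "<your-host-name>"
#ip_address = "<your-host-ip>" # optional, only if clients connect by IP
organization = "YourOrg"
# Bounded lifetime. -1 would mean the certificate never expires, which
# removes the only forcing function for ever rotating the server key.
expiration_days = 365
signing_key
encryption_key #only if the generated key is an RSA one
tls_www_server
_EOF_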
Generate Server Private Key
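# Generate the server private key with a strong size and owner-only permissions;
# it never leaves the VPN server.
certtool --generate-privkey --sec-param high --outfile server-key.pem
chmod 600 server-key.pem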
Generate Server Certificate
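# Sign the server key with the CA, then verify that the result chains to
# ca-cert.pem before deploying it.
certtool --generate-certificate \
  --load-privkey server-key.pem \
  --load-ca-certificate ca-cert.pem \
  --load-ca-privkey ca-key.pem \
  --template server.template \
  --outfile server-cert.pem
certtool --verify --load-ca-certificate ca-cert.pem --infile server-cert.pem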
Generating Client Certificates
Generate Client Template
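# Write the client template; cn is the identity the VPN server will see.
cat <<'_EOF_' >user1.template
cn = "user1"
unit = "admins"
# One year; issue a fresh certificate when it lapses.
expiration_days = 365
signing_key
tls_www_client
_EOF_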
Generate Client Private Key
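# Generate the client's private key with a strong size and owner-only
# permissions; it is later bundled into the PKCS#12 file for the user.
certtool --generate-privkey --sec-param high --outfile user1-key.pem
chmod 600 user1-key.pem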
Generate Client Certificate
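# Sign the client key with the CA. The key generated above is user1-key.pem
# (the original loaded user1.pem, which does not exist yet); the resulting
# certificate is written to user1.pem.
certtool --generate-certificate \
  --load-privkey user1-key.pem \
  --load-ca-certificate ca-cert.pem \
  --load-ca-privkey ca-key.pem \
  --template user1.template \
  --outfile user1.pem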
Generate Client PKCS#12 (.p12) Bundle
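# Bundle the client key and certificate for distribution. The private key is
# user1-key.pem, not user1.pem (that file is the certificate). certtool
# prompts for the PKCS#12 password: pick a strong one, the .p12 is what
# travels to the user's device. AES-256 protects the bundle; fall back to
# --pkcs-cipher 3des-pkcs12 only for legacy importers that cannot read
# PBES2/AES, since 3DES is a weak cipher.
certtool --to-p12 \
  --load-privkey user1-key.pem \
  --load-certificate user1.pem \
  --pkcs-cipher aes-256 \
  --outfile user1.p12 --outder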