{"id":1210,"date":"2020-04-15T12:28:31","date_gmt":"2020-04-15T12:28:31","guid":{"rendered":"http:\/\/kabiliravi.com\/?page_id=1210"},"modified":"2020-04-15T15:37:25","modified_gmt":"2020-04-15T15:37:25","slug":"generating-vpn-required-certifications-and-keys","status":"publish","type":"page","link":"http:\/\/kabiliravi.com\/index.php\/software\/miscellaneous\/setting-up-a-vpn-server-using-openconnect\/generating-vpn-required-certifications-and-keys\/","title":{"rendered":"Generating VPN required certificates and keys"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Install certtool CLI command<\/h2>\n\n\n\n<h4 class=\"wp-block-heading\">Debian<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">$ sudo apt-get install gnutls-bin <\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">CentOS<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">$ sudo yum install gnutls-utils<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Generate CA Certs and Keys<\/h2>\n\n\n\n<h4 class=\"wp-block-heading\">Generate CA Template<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">$ cat &lt;&lt; _EOF_ &gt;ca.template\n#Certificate Authority Certificates\n\n# X.509 Certificate options\n#\n# DN options\n\n# The organization of the subject.\norganization = \"YourOrg\"\n\n# The organizational unit of the subject.\nunit = \"YourDepartment\"\n\n# The state of the certificate owner.\nstate = \"YourState\"\n\n# The country of the subject. Two letter code.\ncountry = YourCountry\n\n# The common name of the certificate owner.\ncn = \"YourCommonName\"\n\n# The serial number of the certificate. 
Should be incremented each time a new certificate is generated.\nserial = 001\n\n# In how many days, counting from today, this certificate will expire.\nexpiration_days = 3650\n\n# Whether this is a CA certificate or not\nca\n\n# Whether this key will be used to sign other certificates.\ncert_signing_key\n\n# Whether this key will be used to sign CRLs.\ncrl_signing_key\n_EOF_<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Generate CA Private Key<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">$ certtool --generate-privkey --outfile ca-key.pem<\/pre>\n\n\n\n<p>Keep ca-key.pem private and readable only by its owner: whoever holds this key can sign certificates under this CA.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Generate CA Self Signed Certificate<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">$ certtool --generate-self-signed --load-privkey ca-key.pem --template ca.template --outfile ca-cert.pem<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Generating Server Certs and Keys<\/h2>\n\n\n\n<h4 class=\"wp-block-heading\">Generate Server Template<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">$ cat &lt;&lt; _EOF_ >server.template\ncn = \"VPN server\"\ndns_name = \"&lt;your-host-name>\"\n#ip_address = \"&lt;your-host-ip>\" # optional\norganization = \"YourOrg\"\nexpiration_days = -1\nsigning_key\nencryption_key #only if the generated key is an RSA one\ntls_www_server\n_EOF_<\/pre>\n\n\n\n<p>expiration_days = -1 gives the server certificate no expiration date; use a positive number of days if the certificate should expire and be renewed.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Generate Server Private Key<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">$ certtool --generate-privkey --outfile server-key.pem<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Generate Server Certificate<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">$ certtool --generate-certificate --load-privkey server-key.pem \\\n--load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem \\\n--template server.template --outfile server-cert.pem<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Generating Client Certificates<\/h2>\n\n\n\n<h4 class=\"wp-block-heading\">Generate Client Template<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">$ cat &lt;&lt; _EOF_ >user1.template\ncn = 
\"user1\"\nunit = \"admins\"\nexpiration_days = 365\nsigning_key\ntls_www_client\n_EOF_<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Generate Client Private Key<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">$ certtool --generate-privkey --outfile user1-key.pem<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Generate Client Certificate<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">$ certtool --generate-certificate --load-privkey user1-key.pem \\\n--load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem \\\n--template user1.template --outfile user1.pem<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Generate Client P12<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">$ certtool --to-p12 --load-privkey user1-key.pem \\\n--pkcs-cipher 3des-pkcs12 \\\n--load-certificate user1.pem \\\n--outfile user1.p12 --outder<\/pre>\n\n\n\n<p>3des-pkcs12 is a legacy cipher kept for clients that cannot import newer PKCS #12 files; where the client supports it, prefer an AES option such as aes-256, and protect user1.p12 with a strong password, since it contains the client's private key.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Install certtool CLI command Debian $ sudo apt-get install gnutls-bin CentOS $ sudo yum install gnutls-utils Generate CA Certs and Keys Generate CA Template $ cat &lt;&lt; _EOF_ &gt;ca.template #Certificate Authority Certificates # X.509 Certificate options # # DN options # The organization of the subject. organization = &#8220;YourOrg&#8221; # The organizational unit of the subject. 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":1208,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"ngg_post_thumbnail":0,"footnotes":""},"class_list":["post-1210","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"http:\/\/kabiliravi.com\/index.php\/wp-json\/wp\/v2\/pages\/1210","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/kabiliravi.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/kabiliravi.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/kabiliravi.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/kabiliravi.com\/index.php\/wp-json\/wp\/v2\/comments?post=1210"}],"version-history":[{"count":9,"href":"http:\/\/kabiliravi.com\/index.php\/wp-json\/wp\/v2\/pages\/1210\/revisions"}],"predecessor-version":[{"id":1225,"href":"http:\/\/kabiliravi.com\/index.php\/wp-json\/wp\/v2\/pages\/1210\/revisions\/1225"}],"up":[{"embeddable":true,"href":"http:\/\/kabiliravi.com\/index.php\/wp-json\/wp\/v2\/pages\/1208"}],"wp:attachment":[{"href":"http:\/\/kabiliravi.com\/index.php\/wp-json\/wp\/v2\/media?parent=1210"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}