OpenSSL easy-rsa ca and cert creation

• Links: Linux/OpenSSL , security/ssl

• 201707 install with  sudo apt install easy-rsa 

• Note {{{ As you create certificates, keys, and
  • certificate signing requests, understand that only .key files should be kept confidential.
  • crt and .csr files can be sent over insecure channels such as plaintext email. }}}
• Steps - New CA - Delete all old keys.

  • ~$ make-cadir rsaOpenVpn
    ~$ cd rsaOpenVpn
    ~/rsaOpenVpn$ 
    gvim vars
    bash vars
    ./clean-all
    ./build-ca
    ls keys
    ## dont use ./build-dh use openvpn to gen 2x keys.
    ../keys$ openvpn --genkey --secret dh2048.pem

• Steps - New Cert

  • ./pkitool --server myserver
    ./pkitool myclient

...