Template:Generating certificates and keys: Difference between revisions

From Teltonika Networks Wiki
Line 4: Line 4:
     <li>Now we can start generating the certificates and keys. Begin with the <b>certificate authority</b> (<b>CA</b>) - the root certificate file that will be used to sign other certificates and keys:<pre>./easyrsa build-ca nopass</pre></li>
     <li>Now we can start generating the certificates and keys. Begin with the <b>certificate authority</b> (<b>CA</b>) - the root certificate file that will be used to sign other certificates and keys:<pre>./easyrsa build-ca nopass</pre></li>
     <li>Next, build the <b>server</b> certificate and key:<pre>./easyrsa build-server-full server nopass</pre></li>
     <li>Next, build the <b>server</b> certificate and key:<pre>./easyrsa build-server-full server nopass</pre></li>
     <li>Next, build certificates and keys for the <b>clients</b>:<pre>./easyrsa build-client-full Client1 nopass</pre><font size="-1"><b>Note</b>: replace <i>Client1</i> with this client's Common Name (CN).</font><br><br></li>
     <li>Next, build certificates and keys for the <b>clients</b>:<pre>./easyrsa build-client-full Client1 nopass</pre><font size="-1"><b>Note</b>: replace <i>Client1</i> with this client's Common Name (CN). Omit "nopass" and you will be prompted to choose the client's password.</font><br><br></li>
     <li>Lastly, generate <b>Diffie Hellman parameters</b>:<pre>./easyrsa gen-dh</pre></li>
     <li>Lastly, generate <b>Diffie Hellman parameters</b>:<pre>./easyrsa gen-dh</pre></li>
</ul>
</ul>
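Review bot: The sentence added to the build-client-full note explains what omitting "nopass" does for client keys only, while the `./easyrsa build-ca nopass` and `./easyrsa build-server-full server nopass` steps above it still create the CA and server keys without a passphrase and say nothing about it. The CA key signs every other certificate, so consider adding the same note to the build-ca step. It would also be clearer to say the prompt sets the password for the client's private key rather than "the client's password".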
Line 12: Line 12:
<table class="nd-othertables_3">
<table class="nd-othertables_3">
     <tr>
     <tr>
         <th width=200>File(s)</th>
         <th width="200">File(s)</th>
         <th width=50 style="text-align: center;"></th>
         <th width="50" style="text-align: center;"></th>
         <th width=330 style="text-align: right;">Location</th>
         <th width="330" style="text-align: right;">Location</th>
     <tr>
     <tr>
         <td>CA certificate</td>
         <td>CA certificate</td>
         <td style="text-align: center;">→</th>
         <td style="text-align: center;">→
         <td style="text-align: right;"><i>C:\Program Files\OpenVPN\easy-rsa\pki</i></td>
         <td style="text-align: right;"><i>C:\Program Files\OpenVPN\easy-rsa\pki</i></td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Diffie-Hellman parameters</td>
         <td>Diffie-Hellman parameters</td>
         <td style="text-align: center;">→</th>
         <td style="text-align: center;">→
         <td style="text-align: right;"><i>C:\Program Files\OpenVPN\easy-rsa\pki</i></td>
         <td style="text-align: right;"><i>C:\Program Files\OpenVPN\easy-rsa\pki</i></td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Client and Server keys</td>
         <td>Client and Server keys</td>
         <td style="text-align: center;">→</th>
         <td style="text-align: center;">→
         <td style="text-align: right;"><i>C:\Program Files\OpenVPN\easy-rsa\pki\private</i></td>
         <td style="text-align: right;"><i>C:\Program Files\OpenVPN\easy-rsa\pki\private</i></td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Client and Server certificates</td>
         <td>Client and Server certificates</td>
         <td style="text-align: center;">→</th>
         <td style="text-align: center;">→
         <td style="text-align: right;"><i>C:\Program Files\OpenVPN\easy-rsa\pki\issued</i></td>
         <td style="text-align: right;"><i>C:\Program Files\OpenVPN\easy-rsa\pki\issued</i></td>
     </tr>
     </tr>
</table>
</table>
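Review bot: In the arrow cells the new lines drop the mismatched `</th>` but leave `<td style="text-align: center;">→` with no closing tag at all; close each one with `</td>`. The header row is also still opened with `<tr>` and followed directly by the next `<tr>`, so add the missing `</tr>` after the Location `<th>` while this table is being touched.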

Revision as of 23:26, 27 November 2020

Step 3: generating certificates and keys

  • Now we can start generating the certificates and keys. Begin with the certificate authority (CA) - the root certificate file that will be used to sign other certificates and keys:
    ./easyrsa build-ca nopass
  • Next, build the server certificate and key:
    ./easyrsa build-server-full server nopass
  • Next, build certificates and keys for the clients:
    ./easyrsa build-client-full Client1 nopass
    Note: replace Client1 with this client's Common Name (CN). If you omit "nopass", you will be prompted to choose a password for the client's private key.

  • Lastly, generate Diffie-Hellman parameters:
    ./easyrsa gen-dh

The generated and signed files should appear in the following directories (by default):

File(s)                             Location
CA certificate                   →  C:\Program Files\OpenVPN\easy-rsa\pki
Diffie-Hellman parameters        →  C:\Program Files\OpenVPN\easy-rsa\pki
Client and Server keys           →  C:\Program Files\OpenVPN\easy-rsa\pki\private
Client and Server certificates   →  C:\Program Files\OpenVPN\easy-rsa\pki\issued
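
To confirm that the steps above produced every file in the locations listed, and to see which private keys were written without a password because of "nopass", the following check can be run from the same Easy-RSA shell. It is an added example, not part of the original wiki page or of Easy-RSA; the file names (ca.crt, dh.pem, private/<name>.key, issued/<name>.crt) are assumed to be the Easy-RSA 3 defaults, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an Easy-RSA "pki" directory after generating
# the CA, server and client material.
# Assumption: default Easy-RSA 3 file names under the pki directory.

# key_state FILE -> prints "encrypted", "unencrypted" or "missing"
key_state() {
    [ -f "$1" ] || { echo missing; return; }
    # PKCS#8 encrypted keys and legacy PEM keys mark encryption differently
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    else
        echo unencrypted
    fi
}

# audit_pki PKI_DIR NAME... -> one line per finding; returns 1 if a file is missing
audit_pki() {
    pki=$1; shift
    rc=0
    # Files every setup needs: CA certificate, DH parameters, CA key
    for f in ca.crt dh.pem private/ca.key; do
        [ -f "$pki/$f" ] || { echo "MISSING $f"; rc=1; }
    done
    # One certificate and one key per Common Name given on the command line
    for name in "$@"; do
        [ -f "$pki/issued/$name.crt" ] || { echo "MISSING issued/$name.crt"; rc=1; }
        [ -f "$pki/private/$name.key" ] || { echo "MISSING private/$name.key"; rc=1; }
    done
    # Report whether each private key on disk is password-protected
    for key in "$pki"/private/*.key; do
        [ -f "$key" ] || continue
        echo "KEY private/$(basename "$key") $(key_state "$key")"
    done
    return $rc
}

# Usage: sh audit_pki.sh ./pki server Client1
if [ "$#" -gt 0 ]; then audit_pki "$@"; fi
```

Any key reported as "unencrypted" can be used by whoever can read the file, so it should be copied only over a trusted channel.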