Difference between revisions of "Template:Generating certificates and keys"
From Teltonika Networks Wiki
| (4 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
==Step 3: generating certificates and keys== | ==Step 3: generating certificates and keys== | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
<ul> | <ul> | ||
<li>Now we can start generating the certificates and keys. Begin with the <b>certificate authority</b> (<b>CA</b>) - the root certificate file that will be used to sign other certificates and keys:<pre>./easyrsa build-ca nopass</pre></li> | <li>Now we can start generating the certificates and keys. Begin with the <b>certificate authority</b> (<b>CA</b>) - the root certificate file that will be used to sign other certificates and keys:<pre>./easyrsa build-ca nopass</pre></li> | ||
<li>Next, build the <b>server</b> certificate and key:<pre>./easyrsa build-server-full server nopass</pre></li> | <li>Next, build the <b>server</b> certificate and key:<pre>./easyrsa build-server-full server nopass</pre></li> | ||
| − | <li>Next, build certificates and keys for the <b>clients</b>:<pre>./easyrsa build-client-full Client1 nopass</pre><font size="-1"><b>Note</b>: replace <i>Client1</i> with this client's Common Name (CN).</font><br><br></li> | + | <li>Next, build certificates and keys for the <b>clients</b>:<pre>./easyrsa build-client-full Client1 nopass</pre><font size="-1"><b>Note</b>: replace <i>Client1</i> with this client's Common Name (CN). Omit "nopass" and you will be prompted to choose the client's password.</font><br><br></li> |
<li>Lastly, generate <b>Diffie Hellman parameters</b>:<pre>./easyrsa gen-dh</pre></li> | <li>Lastly, generate <b>Diffie Hellman parameters</b>:<pre>./easyrsa gen-dh</pre></li> | ||
</ul> | </ul> | ||
| + | ---- | ||
| + | The generated and signed files should appear in the following directories (by default): | ||
| + | |||
| + | <table class="nd-othertables_3"> | ||
| + | <tr> | ||
| + | <th width="200">File(s)</th> | ||
| + | <th width="50" style="text-align: center;"></th> | ||
| + | <th width="330" style="text-align: right;">Location</th> | ||
| + | <tr> | ||
| + | <td>CA certificate</td> | ||
| + | <td style="text-align: center;">→</td> | ||
| + | <td style="text-align: right;"><i>C:\Program Files\OpenVPN\easy-rsa\pki</i></td> | ||
| + | </tr> | ||
| + | <tr> | ||
| + | <td>Diffie-Hellman parameters</td> | ||
| + | <td style="text-align: center;">→</td> | ||
| + | <td style="text-align: right;"><i>C:\Program Files\OpenVPN\easy-rsa\pki</i></td> | ||
| + | </tr> | ||
| + | <tr> | ||
| + | <td>Client and Server keys</td> | ||
| + | <td style="text-align: center;">→</td> | ||
| + | <td style="text-align: right;"><i>C:\Program Files\OpenVPN\easy-rsa\pki\private</i></td> | ||
| + | </tr> | ||
| + | <tr> | ||
| + | <td>Client and Server certificates</td> | ||
| + | <td style="text-align: center;">→</td> | ||
| + | <td style="text-align: right;"><i>C:\Program Files\OpenVPN\easy-rsa\pki\issued</i></td> | ||
| + | </tr> | ||
| + | </table> | ||
Latest revision as of 18:38, 6 March 2022
Step 3: generating certificates and keys
- Now we can start generating the certificates and keys. Begin with the certificate authority (CA) - the root certificate file that will be used to sign other certificates and keys:
./easyrsa build-ca nopass
- Next, build the server certificate and key:
./easyrsa build-server-full server nopass
- Next, build certificates and keys for the clients:
./easyrsa build-client-full Client1 nopass
Note: replace Client1 with this client's Common Name (CN). Omit "nopass" and you will be prompted to choose the client's password. - Lastly, generate Diffie Hellman parameters:
./easyrsa gen-dh
The generated and signed files should appear in the following directories (by default):
| File(s) | Location | |
|---|---|---|
| CA certificate | → | C:\Program Files\OpenVPN\easy-rsa\pki |
| Diffie-Hellman parameters | → | C:\Program Files\OpenVPN\easy-rsa\pki |
| Client and Server keys | → | C:\Program Files\OpenVPN\easy-rsa\pki\private |
| Client and Server certificates | → | C:\Program Files\OpenVPN\easy-rsa\pki\issued |
