CA
From Whitespace (Hackerspace Gent)
(Difference between revisions)
(Created page with "== 0x20 CA == * Used for OpenVPN .") |
(→0x20 CA) |
||
| Line 1: | Line 1: | ||
| − | + | = 0x20 CA = | |
| − | * Used for [[OpenVPN]] . | + | * CA with OpenSSL |
| + | ** all flat files in 1 directory | ||
| + | ** can easily be transported on an encrypted filesystem | ||
| + | * Used for [[OpenVPN]] authentication | ||
| + | |||
| + | == openssl.cnf == | ||
| + | Check the openssl.cnf file with the 0x20 specific values: | ||
| + | * root ca is valid for 15 years | ||
| + | * certificates are valid for 5 years | ||
| + | * DN: C=BE, ST=Ghent, L=Whitespace, O=0x20, CN=0x20 root ca | ||
| + | * nsCaRevocationUrl = http://www.0x20.be/ca-0x20-crl.pem | ||
| + | * extendedKeyUsage=serverAuth (server certs) | ||
| + | * extendedKeyUsage=clientAuth (client certs) | ||
| + | |||
| + | == Create a CA == | ||
| + | * based on http://www.freebsdmadeeasy.com/tutorials/freebsd/create-a-ca-with-openssl.php | ||
| + | $ openssl req -new -x509 -days 5475 -newkey rsa:4096 -extensions v3_ca -keyout private/ca-0x20-key.pem -out ca-0x20-cert.pem -config ./openssl.cnf | ||
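Review bot: the added `openssl req` line under "Create a CA" writes the CA private key to `private/ca-0x20-key.pem`, but the section never says that `private/` has to exist first or how it should be protected; add a step that creates it with owner-only permissions before the command. The "openssl.cnf" section also tells the reader to check the file without showing or linking it, so the `v3_ca` section that `-extensions` depends on cannot be verified from this page; include the relevant sections or link the file.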
Revision as of 02:57, 6 November 2011
0x20 CA
- CA with OpenSSL
  - all flat files in 1 directory
  - can easily be transported on an encrypted filesystem
- Used for OpenVPN authentication
openssl.cnf
Check the openssl.cnf file, which carries the 0x20-specific values:
- root ca is valid for 15 years
- certificates are valid for 5 years
- DN: C=BE, ST=Ghent, L=Whitespace, O=0x20, CN=0x20 root ca
- nsCaRevocationUrl = http://www.0x20.be/ca-0x20-crl.pem
- extendedKeyUsage=serverAuth (server certs)
- extendedKeyUsage=clientAuth (client certs)
Create a CA
- based on http://www.freebsdmadeeasy.com/tutorials/freebsd/create-a-ca-with-openssl.php
$ openssl req -new -x509 -days 5475 -newkey rsa:4096 -extensions v3_ca -keyout private/ca-0x20-key.pem -out ca-0x20-cert.pem -config ./openssl.cnf
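The step above as a script, followed by a check that the resulting certificate matches the root CA values listed under openssl.cnf. This is an added example, not the hackerspace's own configuration: the minimal openssl.cnf layout (including `prompt = no` and the contents of `v3_ca`), the function names `make_ca` and `check_ca`, the optional key-size argument and the `CA_PASS` environment variable are assumptions, while the DN, the 5475 days, the file names and the `v3_ca` section name come from the page.

```sh
#!/bin/sh
# Added example, not the 0x20 openssl.cnf: the config layout is an assumption.

# make_ca DIR [BITS]: create the root CA in DIR (passphrase from $CA_PASS).
make_ca() {
    dir=$1 bits=${2:-4096}            # 4096 is the key size used on the page
    mkdir -p "$dir/private" && chmod 700 "$dir/private" || return 1
    cat > "$dir/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = req_dn
prompt             = no
[ req_dn ]
C  = BE
ST = Ghent
L  = Whitespace
O  = 0x20
CN = 0x20 root ca
[ v3_ca ]
basicConstraints     = critical, CA:true
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    # Same command as on the page, plus -passout so it runs unattended.
    ( cd "$dir" && umask 077 && openssl req -new -x509 -days 5475 \
        -newkey "rsa:$bits" -extensions v3_ca -passout env:CA_PASS \
        -keyout private/ca-0x20-key.pem -out ca-0x20-cert.pem \
        -config ./openssl.cnf ) 2>/dev/null
}

# check_ca CERT: return 0 only if CERT matches the documented root CA values.
check_ca() {
    cert=$1
    # Valid for 15 years: still good after 5474 days, expired after 5476.
    openssl x509 -in "$cert" -noout -checkend $((5474 * 86400)) >/dev/null || return 1
    openssl x509 -in "$cert" -noout -checkend $((5476 * 86400)) >/dev/null && return 1
    text=$(openssl x509 -in "$cert" -noout -text) || return 1
    echo "$text" | grep -q 'CA:TRUE' || return 1           # is a CA
    echo "$text" | grep -q 'Certificate Sign' || return 1  # may sign certs
    # DN from the page, printed most-specific-first by RFC2253
    openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
        grep -q 'CN=0x20 root ca,O=0x20,L=Whitespace,ST=Ghent,C=BE'
}
```

Run `check_ca ca-0x20-cert.pem` before distributing the certificate to OpenVPN peers; a non-zero exit means the certificate differs from the documented policy.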