====== easy-rsa3 Создаем CA и сертификаты сервера / клиентов ====== alexey@G580:~/easy-rsa3$ ./easyrsa init-pki Note: using Easy-RSA configuration from: ./vars WARNING!!! You are about to remove the EASYRSA_PKI at: /home/alexey/easy-rsa3/pki and initialize a fresh PKI here. Type the word 'yes' to continue, or any other input to abort. Confirm removal: yes init-pki complete; you may now create a CA or requests. Your newly created PKI dir is: /home/alexey/easy-rsa3/pki alexey@G580:~/easy-rsa3$ ./easyrsa build-ca nopass Note: using Easy-RSA configuration from: ./vars Generating a 1024 bit RSA private key .................................................++++++ ...........................++++++ writing new private key to '/home/alexey/easy-rsa3/pki/private/ca.key.bCkOk6a51X' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Common Name (eg: your user, host, or server name) [Easy-RSA CA]:td-dv CA creation complete and you may now import and sign cert requests. Your new CA certificate file for publishing is at: /home/alexey/easy-rsa3/pki/ca.crt alexey@G580:~/easy-rsa3$ ./easyrsa build-server-full server nopass Note: using Easy-RSA configuration from: ./vars Generating a 1024 bit RSA private key ...............................................................++++++ ...............++++++ writing new private key to '/home/alexey/easy-rsa3/pki/private/server.key.7aDSexTetL' ----- Using configuration from /home/alexey/easy-rsa3/openssl-1.0.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :PRINTABLE:'server' Certificate is to be certified until May 19 01:01:22 2027 GMT (3650 days) Write out database with 1 new entries Data Base Updated alexey@G580:~/easy-rsa3$ ./easyrsa build-client-full leonchik nopass Note: using Easy-RSA configuration from: ./vars Generating a 1024 bit RSA private key ...................................................++++++ ...............................................................++++++ writing new private key to '/home/alexey/easy-rsa3/pki/private/leonchik.key.ddMAh3Oi7B' ----- Using configuration from /home/alexey/easy-rsa3/openssl-1.0.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :PRINTABLE:'leonchik' Certificate is to be certified until May 19 01:02:22 2027 GMT (3650 days) Write out database with 1 new entries Data Base Updated