Инструменты пользователя

Инструменты сайта


unix:easy-rsa3

easy-rsa3 Создаем CA и сертификаты сервера / клиентов

alexey@G580:~/easy-rsa3$ ./easyrsa init-pki
Note: using Easy-RSA configuration from: ./vars


WARNING!!!

You are about to remove the EASYRSA_PKI at: /home/alexey/easy-rsa3/pki
and initialize a fresh PKI here.

Type the word 'yes' to continue, or any other input to abort.
  Confirm removal: yes

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /home/alexey/easy-rsa3/pki
alexey@G580:~/easy-rsa3$ ./easyrsa build-ca nopass
Note: using Easy-RSA configuration from: ./vars
Generating a 1024 bit RSA private key
.................................................++++++
...........................++++++
writing new private key to '/home/alexey/easy-rsa3/pki/private/ca.key.bCkOk6a51X'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:td-dv

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/home/alexey/easy-rsa3/pki/ca.crt
alexey@G580:~/easy-rsa3$ ./easyrsa build-server-full server nopass
Note: using Easy-RSA configuration from: ./vars
Generating a 1024 bit RSA private key
...............................................................++++++
...............++++++
writing new private key to '/home/alexey/easy-rsa3/pki/private/server.key.7aDSexTetL'
-----
Using configuration from /home/alexey/easy-rsa3/openssl-1.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :PRINTABLE:'server'
Certificate is to be certified until May 19 01:01:22 2027 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
alexey@G580:~/easy-rsa3$ ./easyrsa build-client-full leonchik nopass
Note: using Easy-RSA configuration from: ./vars
Generating a 1024 bit RSA private key
...................................................++++++
...............................................................++++++
writing new private key to '/home/alexey/easy-rsa3/pki/private/leonchik.key.ddMAh3Oi7B'
-----
Using configuration from /home/alexey/easy-rsa3/openssl-1.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :PRINTABLE:'leonchik'
Certificate is to be certified until May 19 01:02:22 2027 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
unix/easy-rsa3.txt · Последние изменения: Sun, 21 May 2017 11:11 — root