wiki:creating_ca_and_signing_server_and_client_certs_with_openssl
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
wiki:creating_ca_and_signing_server_and_client_certs_with_openssl [2023/03/21 15:04] – [Additional extensions] add no prompt configuration antisa | wiki:creating_ca_and_signing_server_and_client_certs_with_openssl [2024/04/09 14:08] (current) – [Creating CA and signing server and client certs with openssl] add link to readme antisa | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | {{tag> | + | {{tag> |
====== Creating CA and signing server and client certs with openssl ====== | ====== Creating CA and signing server and client certs with openssl ====== | ||
Can be used for anything that requires SSL certs, including stunnel certs. | Can be used for anything that requires SSL certs, including stunnel certs. | ||
For stunnel certs client cert should be concatenated to the CA server file (rootCA.crt below) on the stunnel server. | For stunnel certs client cert should be concatenated to the CA server file (rootCA.crt below) on the stunnel server. | ||
+ | |||
+ | Also see [[https:// | ||
===== Configuring your CA ===== | ===== Configuring your CA ===== | ||
Line 100: | Line 102: | ||
</ | </ | ||
===== Create a SSL Client certificate ===== | ===== Create a SSL Client certificate ===== | ||
+ | |||
+ | <WRAP center round tip 60%> | ||
+ | To use the client certificate in Firefox you need to export it to the correct format like so | ||
+ | |||
+ | openssl pkcs12 -export -in certs/ | ||
+ | |||
+ | Then you can import it via Settings > Security > View certificates > Import. | ||
+ | Also the server config needs to be added, e.g. for nginx | ||
+ | server { | ||
+ | ... | ||
+ | ssl_verify_client on; | ||
+ | ssl_client_certificate / | ||
+ | ... | ||
+ | </ | ||
==== Create private key for the client without passphrase ==== | ==== Create private key for the client without passphrase ==== | ||
Line 218: | Line 234: | ||
====== References ====== | ====== References ====== | ||
* http:// | * http:// | ||
+ | * [[https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
wiki/creating_ca_and_signing_server_and_client_certs_with_openssl.1679407466.txt.gz · Last modified: 2023/03/21 15:04 by antisa