Differences

This shows you the differences between two versions of the page.

--- wiki:creating_ca_and_signing_server_and_client_certs_with_openssl [2023/03/21 15:07] – [References] add references antisa
+++ wiki:creating_ca_and_signing_server_and_client_certs_with_openssl [2024/04/09 14:08] (current) – [Creating CA and signing server and client certs with openssl] add link to readme antisa
@@ Line 1: / Line 1: @@
-{{tag>ssl}}
+{{tag>ssl certificates}}
 ====== Creating CA and signing server and client certs with openssl ======
 Can be used for anything that requires SSL certs, including stunnel certs.
 For stunnel certs client cert should be concatenated to the CA server file (rootCA.crt below) on the stunnel server.
+Also see [[https://github.com/OpenVPN/easy-rsa|easy-rsa]] for a [[https://github.com/OpenVPN/easy-rsa/blob/master/README.quickstart.md|scripted way]] of doing below.
 ===== Configuring your CA =====
@@ Line 100: / Line 102: @@
 </code>
 ===== Create a SSL Client certificate =====
+<WRAP center round tip 60%>
+To use the client certificate in Firefox you need to export it to the correct format like so
+  openssl pkcs12 -export -in certs/client.crt -inkey private/client.key -out certs/client.p12
+Then you can import it via Settings > Security > View certificates > Import.
+Also the server config needs to be added, e.g. for nginx
+  server {
+  ...
+  ssl_verify_client on;
+  ssl_client_certificate /etc/nginx/rootCA.crt;
+  ...
+</WRAP>
 ==== Create private key for the client without passphrase ====
@@ Line 222: / Line 238: @@
   * https://www.openssl.org/docs/man1.1.1/man1/req.html
   * https://groups.google.com/g/mailing.openssl.users/c/kdCLWzJ5w1I
+  * https://www.ssltrust.com.au/help/setup-guides/client-certificate-authentication
+  * https://pavelevstigneev.medium.com/setting-nginx-with-letsencrypt-and-client-ssl-certificates-3ae608bb0e66