Differences

This shows you the differences between two versions of the page.

--- wiki:creating_ca_and_signing_server_and_client_certs_with_openssl [2024/04/02 13:33] – [Create a SSL Client certificate] add Firefox tip box about using client certs antisa
+++ wiki:creating_ca_and_signing_server_and_client_certs_with_openssl [2024/04/09 14:08] (current) – [Creating CA and signing server and client certs with openssl] add link to readme antisa
@@ Line 1: / Line 1: @@
-{{tag>ssl}}
+{{tag>ssl certificates}}
 ====== Creating CA and signing server and client certs with openssl ======
 Can be used for anything that requires SSL certs, including stunnel certs.
 For stunnel certs client cert should be concatenated to the CA server file (rootCA.crt below) on the stunnel server.
+Also see [[https://github.com/OpenVPN/easy-rsa|easy-rsa]] for a [[https://github.com/OpenVPN/easy-rsa/blob/master/README.quickstart.md|scripted way]] of doing below.
 ===== Configuring your CA =====
@@ Line 102: / Line 104: @@
 <WRAP center round tip 60%>
-To use the client certificat in Firefox you need to export it to the correct format like so
+To use the client certificate in Firefox you need to export it to the correct format like so
   openssl pkcs12 -export -in certs/client.crt -inkey private/client.key -out certs/client.p12
@@ Line 108: / Line 110: @@
 Then you can import it via Settings > Security > View certificates > Import.
 Also the server config needs to be added, e.g. for nginx
+  server {
   ...
   ssl_verify_client on;
@@ Line 235: / Line 238: @@
   * https://www.openssl.org/docs/man1.1.1/man1/req.html
   * https://groups.google.com/g/mailing.openssl.users/c/kdCLWzJ5w1I
+  * https://www.ssltrust.com.au/help/setup-guides/client-certificate-authentication
+  * https://pavelevstigneev.medium.com/setting-nginx-with-letsencrypt-and-client-ssl-certificates-3ae608bb0e66