Changes between Version 10 and Version 11 of EasyRSA3-Insecure-PKI
- Timestamp: 12/20/13 06:13:35 (10 years ago)
EasyRSA3-Insecure-PKI
v10 v11 37 37 a. '''WARNING''': if this key is '''ever''' accessed, the person with access will be able to impersonate your server 38 38 39 5. Build a client keypair, required for each client (key encrypted -- remember and TREAT THIS PASSPHRASE WITH CARE) with: 39 5. Generate a server DH key (not security-sensitive) with: 40 {{{ 41 ./easyrsa gen-dh 42 }}} 43 44 6. Send the server.key, server.crt, ca.crt, and dh.pem to your server 45 a. '''WARNING''': if this key is '''ever''' cloned in transit, the person with access will be able to impersonate your server 46 47 7. Build a client keypair, required for each client (key encrypted -- remember and TREAT THIS PASSPHRASE WITH CARE) with: 40 48 {{{ 41 49 ./easyrsa build-client-full client1 42 50 }}} 43 51 a. '''WARNING''': if this key is '''ever''' accessed, the person with access can attempt a passphrase search or brute-force attempt on the key. If successful, the attacker will be able to impersonate your client 44 45 6. Generate a server DH key (not security-sensitive) with:46 {{{47 ./easyrsa gen-dh48 }}}49 50 7. Send the server.key, server.crt, ca.crt, and dh.pem to your server51 a. '''WARNING''': if this key is '''ever''' cloned in transit, the person with access will be able to impersonate your server52 52 53 53 8. Send the client key, client crt, and ca.crt to your client.
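Review bot: In the warning under the new step 6, "this key" is ambiguous, because the step lists four files (server.key, server.crt, ca.crt, and dh.pem) and only server.key lets someone impersonate the server. Suggest naming it, e.g. "if server.key is '''ever''' cloned in transit", and stating that server.crt and ca.crt are public, in the same way step 5 already marks the DH file as not security-sensitive. Unlike the client key in the new step 7, which is described as encrypted with a passphrase, nothing in this step says server.key is protected while it is moved, so the step should also say to send it over a channel that is authenticated and encrypted.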