Changes between Version 10 and Version 11 of EasyRSA3-Insecure-PKI


Timestamp: 12/20/13 06:13:35 (10 years ago)
Author: JoshC
Comment: keep client/server items together

  • EasyRSA3-Insecure-PKI

    v10 v11  
    3737  a. '''WARNING''': if this key is '''ever''' accessed, the person with access will be able to impersonate your server
    3838
    39 5. Build a client keypair, required for each client (key encrypted -- remember and TREAT THIS PASSPHRASE WITH CARE) with:
     395. Generate a server DH key (not security-sensitive) with:
     40{{{
     41./easyrsa gen-dh
     42}}}
     43
     446. Send the server.key, server.crt, ca.crt, and dh.pem to your server
     45  a. '''WARNING''': if this key is '''ever''' cloned in transit, the person with access will be able to impersonate your server
     46
     477. Build a client keypair, required for each client (key encrypted -- remember and TREAT THIS PASSPHRASE WITH CARE) with:
    4048{{{
    4149./easyrsa build-client-full client1
    4250}}}
    4351  a. '''WARNING''': if this key is '''ever''' accessed, the person with access can attempt a passphrase search or brute-force attempt on the key. If successful, the attacker will be able to impersonate your client
    44 
    45 6. Generate a server DH key (not security-sensitive) with:
    46 {{{
    47 ./easyrsa gen-dh
    48 }}}
    49 
    50 7. Send the server.key, server.crt, ca.crt, and dh.pem to your server
    51   a. '''WARNING''': if this key is '''ever''' cloned in transit, the person with access will be able to impersonate your server
    5252
    53538. Send the client key, client crt, and ca.crt to your client.
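
Review bot: the warning under the relocated step 6 (new lines 44-45) says "this key" directly below a step that lists four files (server.key, server.crt, ca.crt, dh.pem), so the reader has to infer which one is sensitive. Name server.key explicitly in that sub-item, and since the risk it calls out is the key being cloned in transit, have the step itself say that server.key must travel over a secure channel; the two certificates are public and step 5 already marks the DH file as not security-sensitive. Because old steps 5 to 7 are renumbered by this move, also check that nothing else on the page refers to them by number.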