Version 10 (modified by tct, 2 years ago)

Expanding EasyRSA3 for OpenSSL3 compatibility

Details:

  • The idea is to translate each OpenSSL 1.x command to its OpenSSL 3.x equivalent.

Notes:

  • The output folder /home/tct/git/easy-rsa/tct-fork/easyrsa3/pki/easy-rsa-*
    (a temporary folder) is written here as /out-dir.
  • The input folder /home/tct/git/easy-rsa/tct-fork
    (the location of easyrsa and the PKI) is written here as /in-dir.

RSA MODE: OpenSSL 1.x commands

Build CA: build-ca nopass

Generate CA key - RSA

openssl genrsa -out /out-dir 2048

Sign request - RSA/EC/ED (All identical)

openssl req -config /out-dir -utf8 -new -key /out-dir -keyout /out-dir -out /out-dir -x509 -days 3650

Build Server: build-server-full server nopass

Generate server key - RSA

openssl req -config /out-dir -utf8 -new -newkey rsa:2048 -keyout /out-dir -out /out-dir -nodes -batch

Generate server request - RSA

openssl req -config /out-dir -in /in-dir/pki/reqs/server.req -noout

Sign server request - RSA

openssl ca -config /out-dir -utf8 -in /in-dir/easyrsa3/pki/reqs/server.req -out /out-dir -extfile /out-dir -days 825 -batch
  • Note: -extfile /out-dir is an input file from the /out-dir location.

Build Client: build-client-full client nopass

Generate client key - RSA (Duplicate of server)

openssl req -config /out-dir -utf8 -new -newkey rsa:2048 -keyout /out-dir -out /out-dir -nodes -batch

Generate client request - RSA (Duplicate of server)

openssl req -config /out-dir -in /in-dir/pki/reqs/client.req -noout

Sign client request - RSA (Duplicate of server)

openssl ca -config /out-dir -utf8 -in /in-dir/pki/reqs/client.req -out /out-dir -extfile /out-dir -days 825 -batch
  • Note: -extfile /out-dir is an input file from the /out-dir location.

Generate DH parameters: gen-dh

openssl dhparam -out /in-dir/pki/dh.pem 2048

Generate CRL: gen-crl

openssl ca -config /out-dir -utf8 -gencrl -out /out-dir

EC and ED modes (To be completed)

Generate CA key - EC

openssl ec -out /out-dir   2048

Generate CA key - ED

openssl genpkey -algorithm ED25519 -out /out-dir
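
A sketch of the translation idea for the RSA-mode commands above, added here as an example and not taken from EasyRSA: it rewrites genrsa and dhparam into the genpkey forms that the OpenSSL manual lists as superseding them, and replaces -nodes (deprecated since OpenSSL 3.0) with -noenc. The function name ossl3_translate is hypothetical; it only prints the rewritten command line and does not run openssl.

```shell
#!/bin/sh
# Added example (not EasyRSA code). ossl3_translate is a hypothetical helper:
# it takes an OpenSSL 1.x style command (without the leading "openssl")
# and prints the form suggested for OpenSSL 3.x. Nothing is executed.

ossl3_translate() {
    sub=$1; shift
    case $sub in
        genrsa|dhparam)
            out='' bits=''
            while [ $# -gt 0 ]; do
                case $1 in
                    -out)
                        [ $# -ge 2 ] || { echo "-out needs a file" >&2; return 2; }
                        out=$2; shift 2 ;;
                    [0-9]*) bits=$1; shift ;;
                    *) echo "unsupported option: $1" >&2; return 2 ;;
                esac
            done
            [ -n "$out" ] && [ -n "$bits" ] || { echo "need -out FILE and BITS" >&2; return 2; }
            if [ "$sub" = genrsa ]; then
                echo "openssl genpkey -algorithm RSA -out $out -pkeyopt rsa_keygen_bits:$bits"
            else
                # genpkey requires -genparam before -algorithm and -pkeyopt
                echo "openssl genpkey -genparam -algorithm DH -out $out -pkeyopt dh_paramgen_prime_len:$bits"
            fi
            ;;
        req)
            line="openssl req"
            for a in "$@"; do
                # -nodes is deprecated since OpenSSL 3.0; -noenc replaces it
                [ "$a" = -nodes ] && a=-noenc
                line="$line $a"
            done
            echo "$line"
            ;;
        *)
            # ca, genpkey and anything else: passed through unchanged
            # (assumption of this sketch: no rewrite is needed for them)
            echo "openssl $sub $*"
            ;;
    esac
}

# Commands from this page, with its /out-dir and /in-dir placeholders
ossl3_translate genrsa -out /out-dir 2048
ossl3_translate req -config /out-dir -utf8 -new -newkey rsa:2048 -keyout /out-dir -out /out-dir -nodes -batch
ossl3_translate dhparam -out /in-dir/pki/dh.pem 2048
```

The -noenc spelling is not accepted by OpenSSL 1.x, so a script that must run against both versions has to choose the option after checking the output of openssl version.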