Expanding EasyRSA3 for OpenSSL3 compatibility
Details:
- The idea is to translate each OpenSSL 1.x command to its OpenSSL 3.x equivalent.
Notes:
- The output folder /home/tct/git/easy-rsa/tct-fork/easyrsa3/pki/easy-rsa-* (which is a temporary folder) has been replaced here with the term: /out-dir.
- The input folder /home/tct/git/easy-rsa/tct-fork (which is the location of easyrsa and the PKI) has been replaced here with the term: /in-dir.
RSA MODE: OpenSSL 1.x commands
Build CA build-ca nopass
Generate CA key - RSA
openssl genrsa -out /out-dir 2048
Sign request - RSA/EC/ED (All identical)
openssl req -config /out-dir -utf8 -new -key /out-dir -keyout /out-dir -out /out-dir -x509 -days 3650
Build Server build-server-full server nopass
Generate server key - RSA
openssl req -config /out-dir -utf8 -new -newkey rsa:2048 -keyout /out-dir -out /out-dir -nodes -batch
Generate server request - RSA
openssl req -config /out-dir -in /in-dir/pki/reqs/server.req -noout
Sign server request - RSA
openssl ca -config /out-dir -utf8 -in /in-dir/easyrsa3/pki/reqs/server.req -out /out-dir -extfile /out-dir -days 825 -batch
- Note: -extfile /out-dir is an input file from the out-dir location.
Build Client build-client-full client nopass
Generate client key - RSA (Duplicate of server)
openssl req -config /out-dir -utf8 -new -newkey rsa:2048 -keyout /out-dir -out /out-dir -nodes -batch
Generate client request - RSA (Duplicate of server)
openssl req -config /out-dir -in /in-dir/pki/reqs/client.req -noout
Sign client request - RSA (Duplicate of server)
openssl ca -config /out-dir -utf8 -in /in-dir/pki/reqs/client.req -out /out-dir -extfile /out-dir -days 825 -batch
- Note: -extfile /out-dir is an input file from the out-dir location.
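The RSA-mode CA and server sequence above, with concrete file names in place of /out-dir and with option forms that OpenSSL 3.x documents (genpkey in place of genrsa, -noenc in place of the deprecated -nodes). This is an added example, not EasyRSA's own code; the file names, subjects, extensions and the minimal config are assumptions.

```shell
#!/bin/sh
# Added example (not EasyRSA code). All file names, subjects and the
# minimal config below are assumptions made for illustration.
build_demo_pki() {
    d=$1
    mkdir -p "$d/certs" && : > "$d/index.txt" && echo 01 > "$d/serial" || return 1
    # -nodes is deprecated since OpenSSL 3.0; -noenc is the replacement.
    case "$(openssl version)" in
        "OpenSSL 1."*|"LibreSSL"*) noenc=-nodes ;;
        *)                         noenc=-noenc ;;
    esac
    cat > "$d/ssl.cnf" <<EOF || return 1
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $d/index.txt
new_certs_dir = $d/certs
serial = $d/serial
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
EOF
    # Extensions for the server certificate (the -extfile input file).
    printf 'basicConstraints = CA:FALSE\nextendedKeyUsage = serverAuth\n' > "$d/ext.cnf"
    # CA key: genpkey form of "openssl genrsa -out FILE 2048".
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/ca.key" 2>/dev/null || return 1
    # Self-signed CA certificate (the "req ... -x509 -days 3650" step).
    openssl req -config "$d/ssl.cnf" -utf8 -new -key "$d/ca.key" -x509 -days 3650 \
        -subj "/CN=Demo CA" -out "$d/ca.crt" || return 1
    # Server key and request in one step, key left unencrypted (nopass).
    openssl req -config "$d/ssl.cnf" -utf8 -new -newkey rsa:2048 "$noenc" -batch \
        -subj "/CN=server" -keyout "$d/server.key" -out "$d/server.req" 2>/dev/null || return 1
    # Check the request's self-signature before signing it.
    openssl req -config "$d/ssl.cnf" -in "$d/server.req" -noout -verify 2>/dev/null || return 1
    # Sign the request with the CA for 825 days.
    openssl ca -config "$d/ssl.cnf" -utf8 -batch -notext -days 825 \
        -cert "$d/ca.crt" -keyfile "$d/ca.key" -extfile "$d/ext.cnf" \
        -in "$d/server.req" -out "$d/server.crt" 2>/dev/null || return 1
    # Confirm the issued certificate chains to the CA.
    openssl verify -CAfile "$d/ca.crt" "$d/server.crt" >/dev/null
}
```

Call it as `build_demo_pki "$(mktemp -d)"`; the directory path must not contain spaces because it is written into the config file unquoted.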
EC and ED modes (To be completed)
Generate CA key - EC
openssl ec -out /out-dir 2048
Generate CA key - ED
openssl genpkey -algorithm ED25519 -out /out-dir