Download easyrsa

git clone https://github.com/OpenVPN/easy-rsa
sudo ln -s /home/sonnyyu/easy-rsa/easyrsa3/easyrsa /usr/bin/easyrsa

Test it:

easyrsa

Down load software:

git clone https://github.com/sonnyyu/mtls-cert-manage/
cd ~/mtls-cert-manage/pki

init-pki & build ca

easyrsa init-pki
easyrsa build-ca

Update capassfile base on password use at build-ca

nano capassfile

Build server pem for splunk

./splunk.sh

Build server pem for Haproxy

./haproxy.sh

Build client pem without password

./client.sh

to do

easy-rsa --subject-alt-name="DNS:www.test.com,IP:192.168.1.204"  build-server-full localhost nopass
easy-rsa build-client-full client1 
easy-rsa export-p12  client1

Copy all the certificate to local directory

export workdir=~/mtls-cert-manage
sudo -E cp $workdir/pki/pki/ca.crt $workdir/certs 
sudo -E cp $workdir/pki/pki/private/client1.key $workdir/certs
sudo -E cp $workdir/pki/pki/private/client1.p12 $workdir/certs
sudo -E cp $workdir/pki/pki/issued/client1.crt $workdir/certs
sudo -E cp $workdir/pki/pki/private/localhost.key  $workdir/certs
sudo -E cp $workdir/pki/pki/issued/localhost.crt $workdir/certs
cd $workdir/certs
sudo chmod 644  *

Make server certificate for 192.168.1.203

easy-rsa --subject-alt-name="DNS:www.test.com,IP:192.168.1.203"  build-server-full 192.168.1.203 nopass
export workdir=~/mtls-cert-manage
sudo -E cp $workdir/pki/pki/private/192.168.1.203.key  $workdir/certs
sudo -E cp $workdir/pki/pki/issued/192.168.1.203.crt $workdir/certs
cd $workdir/certs
sudo chmod 644  *
# show  certificate
openssl x509 -in  192.168.1.203.crt -text
# add password into private key
openssl rsa -aes256 -in 192.168.1.203.key -out 192.168.1.203.pw.key
# convert crt to pem
openssl x509 -inform PEM -in 192.168.1.203.crt > 192.168.1.203.pem

Note:

client1.p12 is client p12 file (client certificate)
ca.crt is CA Certificate

Install Certificate at Windows

How to import CA Certificate in Windows
How to import client certificate to the Chrome
How to import client certificate to the Firefox
How to import client certificate to the Microsoft Edge

Install Certificate at Mac OS X

How to import CA Certificate in Mac OS X
How to import client certificate to the Chrome Mac OS X
How to import client certificate to the Firefox Mac OS X
How to import client certificate to the Safari Mac OS X

Install Certificate at Linux (Ubuntu, Debian)

How to import CA Certificate in Linux (Ubuntu, Debian)

Install Certificate at Linux (CentOS, Red Hat)

How to import CA Certificate in Linux (CentOS, Red Hat)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Download easyrsa

Test it:

Down load software:

init-pki & build ca

Update capassfile base on password use at build-ca

Build server pem for splunk

Build server pem for Haproxy

Build client pem without password

to do

Copy all the certificate to local directory

Make server certificate for 192.168.1.203

Install Certificate at Windows

Install Certificate at Mac OS X

Install Certificate at Linux (Ubuntu, Debian)

Install Certificate at Linux (CentOS, Red Hat)

Files

README.md

Latest commit

History

README.md

File metadata and controls

Download easyrsa

Test it:

Down load software:

init-pki & build ca

Update capassfile base on password use at build-ca

Build server pem for splunk

Build server pem for Haproxy

Build client pem without password

to do

Copy all the certificate to local directory

Make server certificate for 192.168.1.203

Install Certificate at Windows

Install Certificate at Mac OS X

Install Certificate at Linux (Ubuntu, Debian)

Install Certificate at Linux (CentOS, Red Hat)