Download easyrsa

git clone https://github.com/OpenVPN/easy-rsa
sudo ln -s "$HOME/easy-rsa/easyrsa3/easyrsa" /usr/bin/easyrsa

Test it:

easyrsa

Download the software:

git clone https://github.com/sonnyyu/mtls-cert-manage/

init-pki & build ca

cd ~/mtls-cert-manage/pki
easyrsa init-pki
easyrsa gen-dh
easyrsa build-ca

Update capassfile based on the password used at build-ca

nano capassfile

Build server pem for Splunk

./splunk.sh

Build server pem for HAProxy

./haproxy.sh

Update p12passfile based on the password used for the p12 export

nano p12passfile

Build client pem without private key password

./client.sh

Update cppassfile based on the password used for the client private key

nano cppassfile

Build client pem with private key password

./clientpw.sh

Note:

  • client1.p12 is the client p12 file (client certificate)
  • ca.crt is the CA certificate
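
The steps above keep the CA, p12 and client-key passphrases in plaintext files (capassfile, p12passfile, cppassfile). The following check is an added example, not part of this repository: it confirms those files are non-empty and readable only by their owner. The function names file_mode and audit_passfiles are hypothetical, and the demo runs on a constructed file in a scratch directory.

```shell
#!/bin/sh
# Added example: audit the plaintext passphrase files named in the README.
# The checks are an assumption about sensible handling; the repository's
# own scripts are not known to enforce them.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_passfiles DIR [--fix]
# Returns 0 when every passfile present in DIR is non-empty and owner-only
# (mode 600 or 400), 1 otherwise. With --fix, loose modes are set to 600.
audit_passfiles() {
    dir=$1; fix=${2:-}; rc=0
    for name in capassfile p12passfile cppassfile; do
        f="$dir/$name"
        if [ ! -f "$f" ]; then
            echo "skip:  $name (not present)"
            continue
        fi
        if [ ! -s "$f" ]; then
            echo "FAIL:  $name is empty"
            rc=1
        fi
        mode=$(file_mode "$f")
        case "$mode" in
            600|400) echo "ok:    $name mode $mode" ;;
            *)
                if [ "$fix" = "--fix" ]; then
                    chmod 600 "$f"
                    echo "fixed: $name mode $mode -> 600"
                else
                    echo "FAIL:  $name mode $mode (expected 600 or 400)"
                    rc=1
                fi ;;
        esac
    done
    return $rc
}

# Demo on a constructed file in a scratch directory, not the real pki directory.
demo=$(mktemp -d)
printf 'constructed-passphrase\n' > "$demo/capassfile"
chmod 644 "$demo/capassfile"
audit_passfiles "$demo" --fix   # tightens capassfile to 600
audit_passfiles "$demo"         # now passes
rm -rf "$demo"
```
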

Install Certificate on Windows

Install Certificate on Mac OS X

Install Certificate on Linux (Ubuntu, Debian)

Install Certificate on Linux (CentOS, Red Hat)

Secure TLS protocol and cipher configurations for webservers can be generated using Mozilla's SSL Configuration Generator. All supported browsers and the Mobile apps are known to work with the "Modern" configuration.