editor
698
edits
FireBrick Road Warrior Certificates: Difference between revisions
FireBrick Road Warrior Certificates (view source)
Revision as of 00:00, 15 March 2017
, 15 March 2017clean up, typos fixed: ie: → i.e.:, eg: → e.g.: (4)
(Fix typo. Remove file renaming to the same) |
m (clean up, typos fixed: ie: → i.e.:, eg: → e.g.: (4)) |
||
|
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:
= Creating Certificates =
There are three tools to help with setting up Road Warrior connections on the FireBrick web site. You can download these
by viewing with a browser and saving the source, or using curl or wget
<SyntaxHighlight lang=bash>
#First install an up to date version of bash and openssl
#*
#Secondly, modify the make-* scripts to use the correct path,
== Certificate Authority ==
Then make a certificate file, and sign it using the ''key'' file. We'll call it <tt>ca-cert.pem</tt>. This involves several attributes in the DN (Distinguished name) which mostly don't matter much for your own certificate (/C=Country, /ST=State, /L=Locality, /O=OrganisationName, /CN=CommonName). Typically you would set just the CommonName, using your home or company name
(
./make-cert CA DN="/C=GB/O=My Office/CN=example.com" KEY=ca-key.pem ca-cert.pem
The private key associated with the CA certificate <tt>ca-key.pem</tt> is no longer needed once it has been used to sign
the server certificate. It is a good idea to store this file in a safe place (
remove it from any networked machine. It can of course be retrieved and reused if you wish to make further server
certificates using the same CA certificate.
[[Category:
| |||