FireBrick Road Warrior Certificates: Difference between revisions
Fix typo. Remove file renaming to the same |
m clean up, typos fixed: ie: → i.e.:, eg: → e.g.: (4) |
||
| Line 1: | Line 1: | ||
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category: |
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:FireBrick IPsec Road Warrior|30px|Back up to the FireBrick Road Warrior Category Page]]</indicator> |
||
= Creating Certificates = |
= Creating Certificates = |
||
There are three tools to help with setting up Road Warrior connections on the FireBrick web site. You can download these |
There are three tools to help with setting up Road Warrior connections on the FireBrick web site. You can download these |
||
by viewing with a browser and saving the source, or using curl or wget |
by viewing with a browser and saving the source, or using curl or wget e.g.: |
||
<SyntaxHighlight lang=bash> |
<SyntaxHighlight lang=bash> |
||
| Line 23: | Line 23: | ||
#First install an up to date version of bash and openssl |
#First install an up to date version of bash and openssl |
||
#* |
#*e.g. via homebrew (once homebrew is installed, <syntaxhighlight lang="bash" inline>brew install openssl</syntaxhighlight> and then <syntaxhighlight lang="bash" inline>brew install bash</syntaxhighlight> |
||
#Secondly, modify the make-* scripts to use the correct path, |
#Secondly, modify the make-* scripts to use the correct path, i.e.: <syntaxhighlight lang="bash" inline>#!/usr/local/bin/bash</syntaxhighlight> |
||
== Certificate Authority == |
== Certificate Authority == |
||
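Review bot: The new bullet "e.g. via homebrew (once homebrew is installed, ..." opens a parenthesis that is never closed; add ")" after the second inline snippet, "brew install bash". In the next changed line the shebang is given as the fixed path "#!/usr/local/bin/bash", so the text should say to use whatever path the newly installed bash actually has on the reader's machine (for example the one reported by "which bash") instead of implying a single location.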
| Line 35: | Line 35: | ||
Then make a certificate file, and sign it using the ''key'' file. We'll call it <tt>ca-cert.pem</tt>. This involves several attributes in the DN (Distinguished name) which mostly don't matter much for your own certificate (/C=Country, /ST=State, /L=Locality, /O=OrganisationName, /CN=CommonName). Typically you would set just the CommonName, using your home or company name |
Then make a certificate file, and sign it using the ''key'' file. We'll call it <tt>ca-cert.pem</tt>. This involves several attributes in the DN (Distinguished name) which mostly don't matter much for your own certificate (/C=Country, /ST=State, /L=Locality, /O=OrganisationName, /CN=CommonName). Typically you would set just the CommonName, using your home or company name |
||
( |
(e.g. /CN=Acme Widget CA). |
||
./make-cert CA DN="/C=GB/O=My Office/CN=example.com" KEY=ca-key.pem ca-cert.pem |
./make-cert CA DN="/C=GB/O=My Office/CN=example.com" KEY=ca-key.pem ca-cert.pem |
||
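Review bot: The example restored in the parenthesis, "/CN=Acme Widget CA", does not match the command directly below it, which gives the CA certificate "CN=example.com"; use one naming style in both places so readers do not take the CA's CommonName for a server hostname. The prose also says you would typically set just the CommonName while the command sets /C and /O as well, so either trim the command or adjust the sentence.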
| Line 59: | Line 59: | ||
The private key associated with the CA certificate <tt>ca-key.pem</tt> is no longer needed once it has been used to sign |
The private key associated with the CA certificate <tt>ca-key.pem</tt> is no longer needed once it has been used to sign |
||
the server certificate. It is a good idea to store this file in a safe place ( |
the server certificate. It is a good idea to store this file in a safe place (e.g. on a memory stick in a secure location), and |
||
remove it from any networked machine. It can of course be retrieved and reused if you wish to make further server |
remove it from any networked machine. It can of course be retrieved and reused if you wish to make further server |
||
certificates using the same CA certificate. |
certificates using the same CA certificate. |
||
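Review bot: The changed sentence recommends keeping ca-key.pem "on a memory stick in a secure location" but does not say whether the stored key file should be passphrase-protected, and "remove it from any networked machine" gives no hint about backups or copies left behind. A short clause covering both would make the advice actionable, since the paragraph goes on to say the key can be retrieved and reused to sign further server certificates.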
| Line 88: | Line 88: | ||
[[Category: |
[[Category:FireBrick IPsec Road Warrior|Certificates]] |
||