GnuTLS CA Scripts

Project: https://github.com/sskaje/gnutls-ca

GnuTLS CA Scripts by @sskaje: https://sskaje.me/2015/12/gnutls-ca-scripts/

GnuTLS Certificate Authority Commands

Apple has its own certtool, GnuTLS’ certtool is renamed as gnutls-certtool in MacPorts.

Create Private Key

GnuTLS

OpenSSL

Create Certificate Request

GnuTLS

You can also create your own template file rather than filling interactively.

OpenSSL

Sign request

GnuTLS

OpenSSL

I don’t like openssl.cnf!

Show certificate information

GnuTLS

OpenSSL

Export as A PKCS#12

GnuTLS

OpenSSL

Extract Keys And Certificates from PKCS#12

GnuTLS

I don’t know how…
You can manually copy from –p12-info

OpenSSL

Show PKCS#12 Structure

GnuTLS

OpenSSL

GnuTLS Certificate Authority Commands by @sskaje: https://sskaje.me/2015/12/gnutls-certificate-authority-commands/

Incoming search terms:

Easy-RSA 3 HowTo

OpenVPN 自带了一套CA相关的脚本,乱七八糟的,用起来并没觉得有多easy,不过新版把文件整合了,github: https://github.com/OpenVPN/easy-rsa
Easy-RSA 3.0 今天刚Release。

配置

配置起来比较简单,把下列文件放在同一个目录里即可,或者下载官方的release,直接改名 vars.example 为 vars。

  • easyrsa
  • openssl-1.0.cnf
  • vars
  • x509-types

以前的版本,需要修改vars文件,然后 source 加载一下,新版本可以用 –vars=/path/to/vars 或者完全靠命令行参数传参。
vars文件需要配置,可以看文件注释,给一个参考的版本。

Continue reading “Easy-RSA 3 HowTo” »

Easy-RSA 3 HowTo by @sskaje: https://sskaje.me/2015/09/easy-rsa-3-howto/

Incoming search terms:

Generate Certificate with GnuTLS and Sign with OpenSSL

In iOS IPSec VPN Server on Ubuntu, I create a local CA with openssl.
I’m setting up an OpenConnect VPN, which uses GnuTLS’s certtool generating ca and sign certificates.

I want to use share the same Root CA for both OpenSSL and GnuTLS, so I’m generating request from GnuTLS and signing with OpenSSL.
Apple has it’s own certtool different from GnuTLS, the MacPorts one is named as gnutls-certtool

Prepare

Create private key

Continue reading “Generate Certificate with GnuTLS and Sign with OpenSSL” »

Generate Certificate with GnuTLS and Sign with OpenSSL by @sskaje: https://sskaje.me/2014/02/generate-certificate-gnutls-sign-openssl/

Incoming search terms: