sonnyyu/mtls-cert-manage

Download easyrsa

git clone https://github.com/OpenVPN/easy-rsa
sudo ln -s /home/sonnyyu/easy-rsa/easyrsa3/easyrsa /usr/bin/easyrsa

Test it:

easyrsa

Download software:

git clone https://github.com/sonnyyu/mtls-cert-manage/

init-pki & build ca

cd ~/mtls-cert-manage/pki
easyrsa init-pki
easyrsa gen-dh
easyrsa build-ca

Update capassfile based on the password used at build-ca

nano capassfile

Build server pem for Splunk

./splunk.sh

Build server pem for Haproxy

./haproxy.sh

Update p12passfile based on the password used for the p12 export

nano p12passfile

Build client pem without private key password

./client.sh

Update cppassfile based on the password used for the client private key

nano cppassfile

Build client pem with private key password

./clientpw.sh

Note:

  • client1.p12 is client p12 file (client certificate)
  • ca.crt is CA Certificate
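
The steps above leave three plaintext password files (capassfile, p12passfile, cppassfile) on the build host and produce client1.p12 for distribution. The following is an added example, not a script from this repository, that audits the passfile permissions and confirms the certificate inside the p12 chains to ca.crt. The function names are hypothetical; it assumes each passfile holds only the password on its first line, and takes the output file locations as arguments.

```shell
#!/bin/sh
# Added example, not part of mtls-cert-manage. Function names are hypothetical.
# Assumption: each passfile holds only the password, on its first line.
PASSFILES="capassfile p12passfile cppassfile"

# List every passfile in DIR that group or other users can access.
# Returns 0 when all passfiles present are owner-only, 1 otherwise.
audit_passfiles() {
    dir=$1
    rc=0
    for f in $PASSFILES; do
        [ -f "$dir/$f" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        mode=$(ls -ld "$dir/$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "$dir/$f"
            rc=1
        fi
    done
    return $rc
}

# Restrict every passfile present in DIR to its owner (mode 0600).
lock_passfiles() {
    for f in $PASSFILES; do
        if [ -f "$1/$f" ]; then chmod 600 "$1/$f"; fi
    done
}

# Confirm that the client certificate inside P12 chains to CA_CRT.
# The p12 is opened with the password read from PASSFILE.
verify_p12() {
    p12=$1; passfile=$2; ca=$3
    out=$(openssl pkcs12 -in "$p12" -passin "file:$passfile" -nokeys -clcerts 2>/dev/null |
        openssl verify -CAfile "$ca" 2>&1) || true
    case $out in
        *": OK"*) return 0 ;;
        *) echo "chain check failed for $p12: $out" >&2; return 1 ;;
    esac
}

# Typical use from the pki directory (paths to the outputs are assumptions):
#   audit_passfiles . || lock_passfiles .
#   verify_p12 client1.p12 p12passfile ca.crt
```

A p12 that fails this check would also be rejected by a server that trusts only ca.crt, so it is cheaper to catch it before the file is handed to a user.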

Install Certificate on Windows

Install Certificate on Mac OS X

Install Certificate on Linux (Ubuntu, Debian)

Install Certificate on Linux (CentOS, Red Hat)

Secure TLS protocol and cipher configurations for webservers can be generated using Mozilla's SSL Configuration Generator. All supported browsers and the Mobile apps are known to work with the "Modern" configuration.