git clone https://github.com/OpenVPN/easy-rsa
sudo ln -s /home/sonnyyu/easy-rsa/easyrsa3/easyrsa /usr/bin/easyrsa
easyrsa
git clone https://github.com/sonnyyu/mtls-cert-manage/
cd ~/mtls-cert-manage/pki
easyrsa init-pki
easyrsa gen-dh
easyrsa build-ca
nano capassfile
./splunk.sh
./haproxy.sh
nano p12passfile
./client.sh
nano cppassfile
./clientpw.sh
Note:
- client1.p12 is client p12 file (client certificate)
- ca.crt is CA Certificate
- How to import CA Certificate in Windows
- How to import client certificate to the Chrome
- How to import client certificate to the Firefox
- How to import client certificate to the Microsoft Edge
- How to import CA Certificate in Mac OS X
- How to import client certificate to the Chrome Mac OS X
- How to import client certificate to the Firefox Mac OS X
- How to import client certificate to the Safari Mac OS X
Secure TLS protocol and cipher configurations for webservers can be generated using Mozilla's SSL Configuration Generator. All supported browsers and the Mobile apps are known to work with the "Modern" configuration.