侧边栏壁纸
  • 累计撰写 49 篇文章
  • 累计创建 29 个标签
  • 累计收到 6 条评论

目 录CONTENT

文章目录

openvpn 追加 client 证书

JHL&WWZ
2024-08-07 / 0 评论 / 0 点赞 / 53 阅读 / 550 字 / 正在检测是否收录...
# 查找 build-key 装在了哪里,用 2.0 的
[root@test-machine ~]# find / -name build-key
/usr/local/easy-rsa-old-master/easy-rsa/1.0/build-key
/usr/local/easy-rsa-old-master/easy-rsa/2.0/build-key

# 进入目录
[root@test-machine ~]# cd /usr/local/easy-rsa-old-master/easy-rsa/2.0/
[root@test-machine 2.0]# ls
build-ca  build-inter  build-key-pass    build-key-server  build-req-pass  inherit-inter  list-crl           openssl-0.9.8.cnf  pkitool      sign-req  whichopensslcnf
build-dh  build-key    build-key-pkcs12  build-req         clean-all       keys           openssl-0.9.6.cnf  openssl-1.0.0.cnf  revoke-full  vars

# 新建一个证书 clientnexus ,报错
[root@test-machine 2.0]# ./build-key clientnexus
  Please edit the vars script to reflect your configuration,
  then source it with "source ./vars".
  Next, to start with a fresh PKI configuration and to delete any
  previous certificates and keys, run "./clean-all".
  Finally, you can run this tool (pkitool) to build certificates/keys.

# 按提示运行 source ./vars
[root@test-machine 2.0]# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/local/easy-rsa-old-master/easy-rsa/2.0/keys

# 再创建证书,一路回车,直到最后输入两次 y
[root@test-machine 2.0]# ./build-key clientnexus
Generating a 4096 bit RSA private key
...................................++
...............................................................................................................................................++
writing new private key to 'clientnexus.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [cn]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [qijiangtech]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [clientnexus]:
Name [changeme]:
Email Address [me@myhost.mydomain]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/local/easy-rsa-old-master/easy-rsa/2.0/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'cn'
stateOrProvinceName   :PRINTABLE:'BJ'
localityName          :PRINTABLE:'BJ'
organizationName      :PRINTABLE:'qijiangtech'
organizationalUnitName:PRINTABLE:'changeme'
commonName            :PRINTABLE:'clientnexus'
name                  :PRINTABLE:'changeme'
emailAddress          :IA5STRING:'me@myhost.mydomain'
Certificate is to be certified until Aug  5 00:52:56 2034 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@test-machine 2.0]#  

# 在 keys 文件夹中可以查看到证书
[root@test-machine 2.0]# ls keys/
0

评论区