This package has been merged into nethserver-openvpn in NethServer 7.
Prepare CA environment: :
mkdir /var/lib/nethserver/certs
touch /var/lib/nethserver/certs/certindex.attr
touch /var/lib/nethserver/certs/certindex
echo 01 > /var/lib/nethserver/certs/serial
echo 01 > /var/lib/nethserver/certs/crlnumber
openssl dhparam -out /var/lib/nethserver/certs/dh1024.pem 1024Create a valid certificate:
- Create a CA (we already have it in NSRV.crt)
- Create a certificate signing request: this will create a csr file and a key file
- Sign the csr file
Esecute: :
/usr/libexec/nethserver/pki-vpn-gencert <commonName>- Revoke and save to CRL
Execute: :
/usr/libexec/nethserver/pki-vpn-revoke [-d] <commonName>If '-d' option is enabled, also delete crt, csr, pem and key files
Read crt informations: :
openssl x509 -text -in /root/test.crtCreate a pcks12: :
openssl pkcs12 -export -in test.crt -inkey test.key -certfile /etc/pki/tls/certs/NSRV.crt -name "test" -out test.p12Revoke a certificate: :
/usr/bin/openssl ca -revoke /var/lib/nethserver/certs/pippo2.crt -config /var/lib/nethserver/certs/ca.cnf
/usr/bin/openssl ca -gencrl -out /var/lib/nethserver/certs/crl.pem -config /var/lib/nethserver/certs/ca.cnf