libreswan IPSEC的OpenSSL等价
libreswan IPSEC的OpenSSL等价
提问于 2018-04-09 13:17:46
我有以下生成证书的ipsec命令,但我没有安装ipsec,因此需要使用openssl等价物。有人能帮忙吗?
创建证书颁发机构证书
ipsec pki --gen --type rsa --size 4096 --outform pem > server-root-key.pem
ipsec pki --self --ca --lifetime 3650 \
--in server-root-key.pem \
--type rsa --dn "C=GB, O=Self Signed, CN=VPN Server Root CA" \
--outform pem > server-root-ca.pem创建vpn服务器证书
ipsec pki --gen --type rsa --size 4096 --outform pem > vpn-server-key.pem
ipsec pki --pub --in vpn-server-key.pem \
--type rsa | ipsec pki --issue --lifetime 1825 \
--cacert /etc/swanctl/x509ca/server-root-ca.pem \
--cakey /etc/swanctl/private/server-root-key.pem \
--dn "C=GB, O=Self signed, CN=vpnserver" \
--san vpnserver \
--san dns:18.130.12.85 \
--flag serverAuth --flag ikeIntermediate \
--outform pem > vpn-server-cert.pem创建用户证书
ipsec pki --gen --type rsa --size 4096 --outform pem > vpn-$USER-key.pem
ipsec pki --pub --in vpn-$USER-key.pem \
--type rsa | ipsec pki --issue --lifetime 1825 \
--cacert /etc/swanctl/x509ca/server-root-ca.pem \
--cakey /etc/swanctl/private/server-root-key.pem \
--dn "C=GB, O=Self signed, CN=$USER" \
--san $USER \
--outform pem > vpn-$USER-cert.pem回答 1
Server Fault用户
发布于 2018-04-09 16:27:39
我花了3个小时才弄到这个,所以这里给你节省了时间:
################### Create certificate authority cert
openssl req -new -x509 -days 3650 \
-newkey rsa:4096 -nodes \
-subj "/C=GB/O=Self Signed/CN=VPN Server Root CA" \
-keyout private/server-root-key.pem -out x509ca/server-root-ca.pem
################### Create vpn server cert
openssl req -new -newkey rsa:4096 -nodes \
-subj "/C=GB/O=Self Signed/CN=vpnserver" \
-keyout private/vpn-server-key.pem -out x509/vpn-server-cert.pem
openssl x509 -req -in x509/vpn-server-cert.pem -days 1095 \
-CA x509ca/server-root-ca.pem -CAkey private/server-root-key.pem -CAcreateserial \
-out x509/vpn-server-cert.pem \
-extensions req_ext -extfile <(
cat <页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/906748
复制相关文章
相似问题
腾讯云开发者
