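# ====== Sign SSL certificate with own CA ======
# Command notes for issuing certificates from the in-house CA
# (ca.mngt.rtd.helux.nl). The commands need bash (process substitution is
# used below) and the openssl CLI. They are meant to be run section by
# section on the host named in each heading, not as one unattended script.

# ===== Configuration =====

# Private keys and PKCS#12 bundles must not end up group/world readable.
# Depending on the openssl version, output files follow the shell umask,
# so tighten it before creating any key material.
umask 077

# ==== Create SSL certificate request in one line ====
# -nodes writes cloud.key unencrypted, so file permissions are the only
# protection for the private key.
openssl req -new -nodes -keyout cloud.key -out cloud.csr \
  -subj "/C=NL/ST=ZH/L=Bergschenhoek/O=Helux/CN=cloud.mngt.bh.helux.nl"

# Same request with a subjectAltName added through a temporary [SAN] section.
# There must be a space between the closing quote of -subj and -reqexts;
# without it the shell glues "-reqexts" onto the subject string and the SAN
# section is never requested.
# The SAN lives in the request only: "openssl ca" copies request extensions
# into the certificate only when copy_extensions is set in the CA config, so
# inspect the issued certificate (openssl x509 -noout -text) before deploying.
# NOTE(review): /etc/ssl/openssl.cnf is distribution specific - confirm path.
openssl req -new -nodes -keyout cloud.key -out cloud.csr \
  -subj "/C=NL/ST=ZH/L=Bergschenhoek/O=Helux/CN=cloud.mngt.bh.helux.nl" \
  -reqexts SAN \
  -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:cloud.mngt.bh.helux.nl"))

# ==== CA server configuration ====
# Create P12 certificate
# cacert.p12 bundles the CA private key (key.pem) with the CA certificate.
# Set a strong export password at the prompt and keep the file on the CA
# host; systems that only need to trust the CA get cert.pem, never this file.
openssl pkcs12 -export -out cacert.p12 -inkey key.pem -in cert.pem

# ==== CA-server ==== (ca.mngt.rtd.helux.nl)
# The server key is generated on the CA host here, so it exists on two
# machines until the CA-side copy is removed. Generating key and request on
# the LDAP server and copying only serverreq.pem to the CA avoids that.
cd /opt
mkdir ldap.mngt.ams.helux.nl
openssl req -new -nodes \
  -keyout ldap.mngt.ams.helux.nl/serverkey.pem \
  -out ldap.mngt.ams.helux.nl/serverreq.pem
openssl ca -days 730 \
  -out ldap.mngt.ams.helux.nl/servercert.pem \
  -keyfile ca.mngt.rtd.helux.nl/key.pem \
  -cert ca.mngt.rtd.helux.nl/cert.pem \
  -infiles ldap.mngt.ams.helux.nl/serverreq.pem
# The files were written into ldap.mngt.ams.helux.nl/, so copy them from
# there. On the target, make serverkey.pem readable only by the account the
# LDAP daemon runs as.
scp ldap.mngt.ams.helux.nl/servercert.pem root@ldap.mngt.ams.helux.nl:/etc/openldap/certs
scp ldap.mngt.ams.helux.nl/serverkey.pem root@ldap.mngt.ams.helux.nl:/etc/openldap/certs

# for iOS/Juniper SSL VPN
cd /opt
mkdir ios_sslvpn
openssl genrsa -out ios_sslvpn/devicekey.pem 4096
# -days has no effect on a plain request (it only applies with -x509), so
# the validity is set once, on the signing command below.
openssl req -new -key ios_sslvpn/devicekey.pem -out ios_sslvpn/devicecsr.pem \
  -subj "/C=NL/ST=ZH/L=Bergschenhoek/O=Helux/CN=ios@helux.nl"
# -CAcreateserial replaces a hard-coded "-set_serial 01": with a fixed value
# every certificate issued by repeating this recipe carries the same serial
# under the same issuer, which breaks serial-based revocation and lookup.
# Signing with "openssl x509 -req" also bypasses the "openssl ca" database,
# so these certificates are not recorded for later revocation.
# NOTE(review): the CA certificate is cacert.pem here but cert.pem in the
# "openssl ca" command above - confirm which file name is correct.
openssl x509 -req -days 365 -in ios_sslvpn/devicecsr.pem \
  -CA ca.mngt.rtd.helux.nl/cacert.pem \
  -CAkey ca.mngt.rtd.helux.nl/key.pem \
  -CAcreateserial \
  -out ios_sslvpn/devicecert.pem
# -certfile adds chain certificates to the bundle; it should name the CA
# certificate, not the device certificate a second time.
# device.p12 contains the device private key: set an export password at the
# prompt and hand the file over on a trusted channel.
openssl pkcs12 -export -out ios_sslvpn/device.p12 \
  -inkey ios_sslvpn/devicekey.pem \
  -in ios_sslvpn/devicecert.pem \
  -certfile ca.mngt.rtd.helux.nl/cacert.pem

# ==== Juniper MAG ====
# Import CA certificate in Juniper MAG:
#   System > Configuration > Certificates > Trusted Client CAs >
#   "Import CA Certificate..."
# Only the CA certificate is imported here, not cacert.p12 or key.pem.

# ==== iPhone/iPad ====
# Import p12 certificate in iOS using iPhone Configuration Utility.

# {{tag>linux}}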