sign_ssl_certificates_with_own_ca
Table of Contents
Sign SSL cetificate with own CA
Configuration
Create SSL certificate request in one line
openssl req -new -nodes -keyout cloud.key -out cloud.csr -subj "/C=NL/ST=ZH/L=Bergschenhoek/O=Helux/CN=cloud.mngt.bh.helux.nl" openssl req -new -nodes -keyout cloud.key -out cloud.csr -subj "/C=NL/ST=ZH/L=Bergschenhoek/O=Helux/CN=cloud.mngt.bh.helux.nl"-reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:cloud.mngt.bh.helux.nl"))
CA server configuration
Create P12 certificate
openssl pkcs12 -export -out cacert.p12 -inkey key.pem -in cert.pem
CA-server
(ca.mngt.rtd.helux.nl)
cd /opt mkdir ldap.mngt.ams.helux.nl
openssl req -new -nodes -keyout ldap.mngt.ams.helux.nl/serverkey.pem -out ldap.mngt.ams.helux.nl/serverreq.pem openssl ca -days 730 -out ldap.mngt.ams.helux.nl/servercert.pem -keyfile ca.mngt.rtd.helux.nl/key.pem -cert ca.mngt.rtd.helux.nl/cert.pem -infiles ldap.mngt.ams.helux.nl/serverreq.pem
scp servercert.pem root@ldap.mngt.ams.helux.nl:/etc/openldap/certs scp serverkey.pem root@ldap.mngt.ams.helux.nl:/etc/openldap/certs
for iOS/Juniper SSL VPN
cd /opt mkdir ios_sslvpn openssl genrsa -out ios_sslvpn/devicekey.pem 4096 openssl req -new -days 365 -key ios_sslvpn/devicekey.pem -out ios_sslvpn/devicecsr.pem -subj "/C=NL/ST=ZH/L=Bergschenhoek/O=Helux/CN=ios@helux.nl" openssl x509 -req -days 365 -in ios_sslvpn/devicecsr.pem -CA ca.mngt.rtd.helux.nl/cacert.pem -CAkey ca.mngt.rtd.helux.nl/key.pem -set_serial 01 -out ios_sslvpn/devicecert.pem openssl pkcs12 -export -out ios_sslvpn/device.p12 -inkey ios_sslvpn/devicekey.pem -in ios_sslvpn/devicecert.pem -certfile ios_sslvpn/devicecert.pem
Juniper MAG
Import CA certificate in Juniper MAG
System > Configuration > Certificates > Trusted Client CAs > "Import CA Certificate..."
iPhone/iPad
Import p12 certificate in iOS using iPhone Configuration Utility
sign_ssl_certificates_with_own_ca.txt · Last modified: by herwarth
