User Tools

Site Tools

Trace: openstack_with_kolla sign_ssl_certificates_with_own_ca
sign_ssl_certificates_with_own_ca

This is an old revision of the document!

Table of Contents

Sign SSL cetificate with own CA

Configuration

CA-server

(ca.mngt.rtd.helux.nl) 

cd /opt
mkdir ldap.mngt.ams.helux.nl
openssl req -new -nodes -keyout ldap.mngt.ams.helux.nl/serverkey.pem -out ldap.mngt.ams.helux.nl/serverreq.pem
openssl ca -days 730 -out ldap.mngt.ams.helux.nl/servercert.pem -keyfile ca.mngt.rtd.helux.nl/key.pem -cert ca.mngt.rtd.helux.nl/cert.pem -infiles ldap.mngt.ams.helux.nl/serverreq.pem
scp servercert.pem root@ldap.mngt.ams.helux.nl:/etc/openldap/certs
scp serverkey.pem root@ldap.mngt.ams.helux.nl:/etc/openldap/certs

for iOS/Juniper SSL VPN 

cd /opt
mkdir ios_sslvpn
openssl genrsa -out ios_sslvpn/devicekey.pem 4096
openssl req -new -days 365 -key ios_sslvpn/devicekey.pem -out ios_sslvpn/devicecsr.pem -subj "/C=NL/ST=ZH/L=Bergschenhoek/O=Helux/CN=ios@helux.nl"
openssl x509 -req -days 365 -in ios_sslvpn/devicecsr.pem -CA ca.mngt.rtd.helux.nl/cacert.pem -CAkey ca.mngt.rtd.helux.nl/key.pem -set_serial 01 -out ios_sslvpn/devicecert.pem
openssl pkcs12 -export -out ios_sslvpn/device.p12 -inkey ios_sslvpn/devicekey.pem -in ios_sslvpn/devicecert.pem -certfile ios_sslvpn/devicecert.pem

Juniper MAG

Import CA certificate in Juniper MAG 

System > Configuration > Certificates > Trusted Client CAs > "Import CA Certificate..."

iPhone/iPad

Import p12 certificate in iOS using iPhone Configuration Utility

sign_ssl_certificates_with_own_ca.1425547302.txt.gz · Last modified: by herwarth

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki