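# Create the root CA for the IPsec PKI under /etc/ipsec.d/: a 4096-bit RSA key
# and a self-signed CA certificate valid for 3650 days, then print the
# certificate for inspection.
#
# The steps are chained with && so a failed step stops the sequence. Without
# the check on cd, a missing /etc/ipsec.d/ would leave the key material in
# whatever directory the shell happened to be in.
#
# The key is generated in a subshell under umask 077, so the file is created
# 0600 rather than being readable by other users until chmod runs, and the
# umask does not leak into later commands. chmod is kept because ">" truncates
# an existing file without tightening its mode.
#
# NOTE(review): this key signs every gateway certificate issued below. Once
# they are issued, consider moving private/rootCaKey.pem off the gateway to
# offline storage; peers only need cacerts/rootCaCert.pem to verify.
cd /etc/ipsec.d/ &&
  (
    umask 077 &&
      ipsec pki --gen --type rsa --size 4096 \
        --outform pem \
        > private/rootCaKey.pem
  ) &&
  chmod 600 private/rootCaKey.pem &&
  ipsec pki --self --ca --lifetime 3650 \
    --in private/rootCaKey.pem --type rsa \
    --dn "C=SE, O=rootCa, CN=Root CA" \
    --outform pem \
    > cacerts/rootCaCert.pem &&
  ipsec pki --print --in cacerts/rootCaCert.pem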
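# Gateway one: generate a 2048-bit RSA key, then issue a certificate for
# vpn.acme.se signed by the root CA (valid 730 days) and print it.
# Paths are relative: run from /etc/ipsec.d/.
#
# The key is generated in a subshell under umask 077, so it is created 0600
# rather than being readable by other users until chmod runs. chmod is kept
# because ">" truncates an existing file without tightening its mode. The
# steps are chained with && so a failed key generation does not go on to
# issue a certificate.
#
# --san repeats the CN as a subjectAltName, and the serverAuth and
# ikeIntermediate flags add the matching extended key usages.
# NOTE(review): some IKEv2 clients reject a gateway certificate that lacks
# these; confirm against the clients actually deployed.
(
  umask 077 &&
    ipsec pki --gen --type rsa --size 2048 \
      --outform pem \
      > private/gatewayOneKey.pem
) &&
  chmod 600 private/gatewayOneKey.pem &&
  ipsec pki --pub --in private/gatewayOneKey.pem --type rsa |
  ipsec pki --issue --lifetime 730 \
    --cacert cacerts/rootCaCert.pem \
    --cakey private/rootCaKey.pem \
    --dn "C=SE, O=ACME, CN=vpn.acme.se" \
    --san vpn.acme.se \
    --flag serverAuth --flag ikeIntermediate \
    --outform pem > certs/gatewayOneCert.pem &&
  ipsec pki --print --in certs/gatewayOneCert.pem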
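# Gateway two: generate a 2048-bit RSA key, then issue a certificate signed by
# the root CA (valid 730 days) whose identity is an e-mail style address.
# Paths are relative: run from /etc/ipsec.d/.
#
# PLACEHOLDER: in this listing the identity had been replaced by the hosting
# page's e-mail obfuscation, in both --dn and --san, and the original value is
# not recoverable. The substituted text was not a valid DN, and the unquoted
# --san value split into two words. Set GATEWAY_TWO_ID to the real identity
# (constructed example: user@example.invalid); the sequence refuses to run
# without it.
# NOTE(review): the obfuscation also swallowed the RDN type in --dn. CN= is
# assumed here by analogy with gateway one; confirm against the original file.
# NOTE(review): "C=UK" is kept as written, but the ISO 3166 country code is
# GB. Peers that match on the full DN need whichever value is chosen.
#
# The key is generated in a subshell under umask 077, so it is created 0600
# rather than being readable by other users until chmod runs. chmod is kept
# because ">" truncates an existing file without tightening its mode.
: "${GATEWAY_TWO_ID:?set GATEWAY_TWO_ID to the e-mail identity for gateway two}" &&
  (
    umask 077 &&
      ipsec pki --gen --type rsa --size 2048 \
        --outform pem \
        > private/gatewayTwoKey.pem
  ) &&
  chmod 600 private/gatewayTwoKey.pem &&
  ipsec pki --pub --in private/gatewayTwoKey.pem --type rsa |
  ipsec pki --issue --lifetime 730 \
    --cacert cacerts/rootCaCert.pem \
    --cakey private/rootCaKey.pem \
    --dn "C=UK, O=ACME, CN=${GATEWAY_TWO_ID}" \
    --san "${GATEWAY_TWO_ID}" \
    --outform pem > certs/gatewayTwoCert.pem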