git clone https://github.com/OpenVPN/easy-rsa
sudo ln -s /home/jeffscrum/easy-rsa/easyrsa3/easyrsa /usr/bin/easyrsa
sudo easyrsa
git clone https://github.com/jeffscrum/mtls-cert-manage/
cd ~/mtls-cert-manage/pki
chmod +x *.sh
sudo easyrsa init-pki
sudo easyrsa gen-dh
sudo easyrsa build-ca
vi capassfile
./splunk.sh
./haproxy.sh
vi p12passfile
./client.sh <client_name>
vi cppassfile
./clientpw.sh <client_name>
Note: If you are exporting a certificate for macOS, use legacy algorithms for the p12 bundle (More info)
openssl pkcs12 -export -legacy -out <export_name>.p12 -in <client_name>.crt -inkey <client_name>.key -certfile <ca_name>.crt
./revoke.sh <client_name>
openssl x509 -noout -text -in ca.crt
openssl crl -noout -text -in revoked.pem
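The whole lifecycle the scripts above wrap (build a CA, issue a client certificate, export it as a p12 bundle, revoke it, publish a CRL, and check that a server would now reject it) done with plain openssl so each step is visible. This is an added example, not code from the mtls-cert-manage repository or from easy-rsa; it assumes only that `openssl` (1.1.1 or 3.x) is on the PATH, and every subject name, file name and passphrase file here is constructed for the example (capassfile and p12passfile mirror the files edited in the steps above).

```shell
#!/bin/sh
# Added example (not part of the mtls-cert-manage repository): the certificate
# lifecycle the scripts above automate, done with plain openssl so each step is
# visible: build a CA, issue a client certificate, export it as PKCS#12 for a
# browser, revoke it, publish a CRL and check that the revoked certificate is
# rejected. Every name, path and subject below is constructed for this example.
set -eu
umask 077                                  # key and passphrase files stay private
WORK="${WORK:-$(mktemp -d)}"
cd "$WORK"

# Minimal openssl.cnf for 'req' and 'ca'; it plays the role of the easy-rsa vars.
cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = req_dn
prompt = no
[ req_dn ]
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ client_ext ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[ ca ]
default_ca = local_ca
[ local_ca ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir
certificate = $dir/ca.crt
private_key = $dir/ca.key
serial = $dir/serial
crlnumber = $dir/crlnumber
default_md = sha256
default_crl_days = 30
policy = any_policy
[ any_policy ]
commonName = supplied
EOF

# Step 1: CA with an encrypted key; the passphrase file stands in for capassfile.
mtls_build_ca() {
  openssl rand -hex 16 > capassfile
  openssl req -x509 -config ca.cnf -extensions ca_ext -newkey rsa:2048 -sha256 \
    -days 365 -subj "/CN=Example mTLS CA" -passout file:capassfile \
    -keyout ca.key -out ca.crt 2>/dev/null
  : > index.txt; echo 01 > serial; echo 01 > crlnumber   # 'openssl ca' bookkeeping
}

# Step 2: client key + CSR signed with the clientAuth profile, then bundled as
# PKCS#12 (add -legacy to the export for macOS Keychain, as the note above says).
mtls_issue_client() {
  name="$1"
  openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=$name" \
    -keyout "$name.key" -out "$name.csr" 2>/dev/null
  openssl ca -config ca.cnf -batch -notext -days 90 -extensions client_ext \
    -passin file:capassfile -in "$name.csr" -out "$name.crt" 2>/dev/null
  openssl rand -hex 16 > p12passfile
  openssl pkcs12 -export -out "$name.p12" -in "$name.crt" -inkey "$name.key" \
    -certfile ca.crt -passout file:p12passfile
}

# Step 3: mark the certificate revoked in the CA database and publish a fresh CRL.
mtls_revoke_client() {
  openssl ca -config ca.cnf -passin file:capassfile -revoke "$1.crt" 2>/dev/null
  openssl ca -config ca.cnf -passin file:capassfile -gencrl -crldays 30 \
    -out revoked.pem 2>/dev/null
}

# Returns 0 if the certificate chains to ca.crt AND is absent from the CRL (when
# one exists); this is the check the server side of an mTLS handshake performs.
mtls_verify_client() {
  if [ -f revoked.pem ]; then
    openssl verify -crl_check -CAfile ca.crt -CRLfile revoked.pem "$1.crt" >/dev/null 2>&1
  else
    openssl verify -CAfile ca.crt "$1.crt" >/dev/null 2>&1
  fi
}

mtls_build_ca
mtls_issue_client client1
mtls_verify_client client1 && echo "client1: accepted"
mtls_revoke_client client1
mtls_verify_client client1 || echo "client1: rejected (revoked)"
# Same inspection as the crl command above: the revoked serial must be listed.
openssl crl -noout -text -in revoked.pem | grep -E 'Revoked Certificates|Serial Number'
```

The point the last two verify calls make is that revocation only takes effect where the CRL is actually consulted: a server configured with the CA certificate alone (the first `openssl verify` form) keeps accepting client1 until it is also given the current CRL, so whatever serves `revoked.pem` to haproxy must be refreshed every time `revoke.sh` runs.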
Note:
- client1.p12 is the client p12 bundle (client certificate)
- ca.crt is the CA certificate
- How to import CA Certificate in Windows
- How to import client certificate to the Chrome
- How to import client certificate to the Firefox
- How to import client certificate to the Microsoft Edge
- How to import CA Certificate in Mac OS X
- How to import client certificate to the Chrome Mac OS X
- How to import client certificate to the Firefox Mac OS X
- How to import client certificate to the Safari Mac OS X
Secure TLS protocol and cipher configurations for web servers can be generated using Mozilla's SSL Configuration Generator. All supported browsers and the mobile apps are known to work with the "Modern" configuration.