进入路径
/etc/ipsec.d
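# Build a small strongSwan PKI with relative paths under /etc/ipsec.d:
# a self-signed root CA, a gateway (server) certificate, and one client
# certificate exported as a PKCS#12 bundle.
#
# Each private key is written inside a subshell with umask 077, so the file is
# created owner-only rather than being readable until chmod runs.
# chmod 600 is kept because a redirect onto an existing file keeps its old mode.

# --- Root CA (4096-bit RSA, self-signed, valid 3650 days) -------------------
# NOTE(review): this leaves the CA signing key on the VPN host; consider moving
# private/centosKey.pem to offline storage once the certificates are issued.
( umask 077; ipsec pki --gen --type rsa --size 4096 --outform pem > private/centosKey.pem )
chmod 600 private/centosKey.pem
ipsec pki --self --ca --lifetime 3650 \
  --in private/centosKey.pem --type rsa \
  --dn "C=CH, O=centos, CN=centos Root CA" \
  --outform pem > cacerts/centosCert.pem
# Print the CA certificate to check subject, validity and the CA flag.
ipsec pki --print --in cacerts/centosCert.pem

# --- Gateway certificate (2048-bit RSA, valid 730 days) ---------------------
( umask 077; ipsec pki --gen --type rsa --size 2048 --outform pem > private/vpnHostKey.pem )
chmod 600 private/vpnHostKey.pem
# CN and subjectAltName carry the gateway address that clients connect to.
ipsec pki --pub --in private/vpnHostKey.pem --type rsa \
  | ipsec pki --issue --lifetime 730 \
      --cacert cacerts/centosCert.pem --cakey private/centosKey.pem \
      --dn "C=CH, O=centos, CN=172.18.10.63" --san 172.18.10.63 \
      --flag serverAuth --flag ikeIntermediate \
      --outform pem > certs/vpnHostCert.pem

# --- Client certificate for user "hongrui" (2048-bit RSA, valid 730 days) ---
( umask 077; ipsec pki --gen --type rsa --size 2048 --outform pem > private/hongruiKey.pem )
chmod 600 private/hongruiKey.pem
# NOTE(review): the client certificate is issued with the same DN and SAN as
# the gateway (CN=172.18.10.63), so it carries the gateway's identity and
# cannot be told apart from other clients by subject. Prefer a per-user
# subject, e.g. CN=<client-identity> with a matching --san, after confirming
# what the connection definitions match on (not shown here).
ipsec pki --pub --in private/hongruiKey.pem --type rsa \
  | ipsec pki --issue --lifetime 730 \
      --cacert cacerts/centosCert.pem --cakey private/centosKey.pem \
      --dn "C=CH, O=centos, CN=172.18.10.63" --san 172.18.10.63 \
      --outform pem > certs/hongruiCert.pem

# --- PKCS#12 bundle for the client device -----------------------------------
# The bundle holds the client's private key. openssl documents -nodes among the
# parsing-mode options; in -export mode the prompted export password protects
# the bundle, so use a non-empty one and transfer the file over a trusted channel.
( umask 077; openssl pkcs12 -export \
    -inkey private/hongruiKey.pem -in certs/hongruiCert.pem \
    -name "hongrui's VPN Certificate" \
    -certfile cacerts/centosCert.pem -caname "centos Root CA" \
    -nodes -out hongrui.p12 )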