Easyrsa

From My Notepad
Revision as of 09:54, 3 April 2020 by Admin (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

SAN Certificates

As of 1 April 2020, the code below will generate a proper SAN certificate using easyrsa3.

./easyrsa --subject-alt-name="DNS:vpn-a.domain.com,DNS:vpn-b.domain.com,DNS:vpn-s.domain.com,DNS:domain-vpn-a.clientdns.goskyhawk.com,DNS:domain-vpn-b.clientdns.goskyhawk.com,DNS:domain-vpn-s.clientdns.goskyhawk.com" build-server-full vpn.domain.com nopass

Wildcard Certificates

Source

Tested 4/3/2020

FQDN="domain.local"
CERT_FILENAME="wildcard.${FQDN}"
CERT_COMMONNAME="*.${FQDN}"
./easyrsa --batch --req-cn="${CERT_COMMONNAME}" gen-req ${CERT_FILENAME} nopass
./easyrsa --batch sign-req server ${CERT_FILENAME}