Самоподписанные SSL сертификаты

Корневой сертификат

openssl genrsa -out ./ca.key 4096
openssl req -x509 -new -key ./ca.key -days 3650 -out ./ca.crt -subj '/C={{ country }}/ST={{ state }}/L={{ locality }}/CN={{ organization }}'

Сертификат сервера

openssl genrsa -out ./server.key 4096
openssl req -new -key ./server.key -days 3650 -out ./server.csr -subj '/C={{ country }}/ST={{ state }}/L={{ locality }}/CN=server'
openssl x509 -req -days 3650 -in ./server.csr -CA ./ca.crt -CAkey ./ca.key -set_serial 01 -out ./server.crt

Сертификат клиента

openssl genrsa -out ./client.key 4096
openssl req -new -key ./client.key -days 3650 -out ./client.csr -subj '/C={{ country }}/ST={{ state }}/L={{ locality }}/CN=client'
openssl x509 -req -days 3650 -in ./client.csr -CA ./ca.crt -CAkey ./ca.key -set_serial 01 -out ./client.crt

Ключ Диффи-Хеллмана

openssl dhparam -out dh2048.pem 2048

MikroTik

• На сервер копируем ./ca.crt, ./server.crt, ./server.key
• На клиентов копируем ./ca.crt, ./client.crt, ./client.key