Самоподписанные SSL-сертификаты
Корневой сертификат
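# Root CA: a 4096-bit RSA key and a self-signed certificate valid for 3650 days.
# ca.key can sign certificates for any name under this CA, so it stays on the
# machine that issues them and is never copied to the server or the clients.
# The key is written without a passphrase; `openssl genrsa -aes256 ...` would
# encrypt it at rest if the signing steps can be run interactively.
openssl genrsa -out ./ca.key 4096
# Owner-only access, regardless of the umask or the OpenSSL version in use.
chmod 600 ./ca.key
# -sha256 pins the signature digest instead of relying on the build default.
openssl req -x509 -new -sha256 -key ./ca.key -days 3650 -out ./ca.crt -subj '/C={{ country }}/ST={{ state }}/L={{ locality }}/CN={{ organization }}'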
Сертификат сервера
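# Server key pair and certificate signing request.
openssl genrsa -out ./server.key 4096
# Owner-only access, regardless of the umask or the OpenSSL version in use.
chmod 600 ./server.key
# A CSR has no validity period: without -x509, `openssl req` ignores -days
# (and warns about it), so the lifetime is set only in the signing step below.
openssl req -new -key ./server.key -out ./server.csr -subj '/C={{ country }}/ST={{ state }}/L={{ locality }}/CN=server'
# Sign the request with the root CA for 3650 days; -sha256 pins the digest.
# NOTE(review): no -extfile is passed, so the certificate carries no
# subjectAltName or extendedKeyUsage. Peers that match the host name against
# subjectAltName, or require a serverAuth usage, will reject it - confirm what
# the consuming service checks before relying on CN=server alone.
openssl x509 -req -sha256 -days 3650 -in ./server.csr -CA ./ca.crt -CAkey ./ca.key -set_serial 01 -out ./server.crt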
Сертификат клиента
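# Client key pair and certificate signing request.
# NOTE(review): the page copies this one client.key/client.crt to all clients.
# A shared key cannot be revoked for a single device; issuing one pair per
# client (own CN, own serial) keeps a lost device from invalidating the rest.
openssl genrsa -out ./client.key 4096
# Owner-only access, regardless of the umask or the OpenSSL version in use.
chmod 600 ./client.key
# A CSR has no validity period: without -x509, `openssl req` ignores -days
# (and warns about it), so the lifetime is set only in the signing step below.
openssl req -new -key ./client.key -out ./client.csr -subj '/C={{ country }}/ST={{ state }}/L={{ locality }}/CN=client'
# Serial 02, not 01: the server certificate already uses 01, and a serial must
# be unique per issuing CA - revocation and some certificate stores identify a
# certificate by issuer + serial. Every further certificate needs its own
# value (or use -CAcreateserial so OpenSSL tracks serials in a file).
openssl x509 -req -sha256 -days 3650 -in ./client.csr -CA ./ca.crt -CAkey ./ca.key -set_serial 02 -out ./client.crt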
Ключ Диффи-Хеллмана
# Generate 2048-bit Diffie-Hellman parameters into dh2048.pem in the current
# directory. Generation can take a while. The parameters are not a private
# key, but they should still come from this trusted run rather than from a
# file of unknown origin.
openssl dhparam -out dh2048.pem 2048
MikroTik
- На сервер копируем ./ca.crt, ./server.crt, ./server.key
- На клиентов копируем ./ca.crt, ./client.crt, ./client.key