Chapter 4. PKI, Certificates, and OpenSSL
In this chapter, we will cover:
- Certificate generation
- OpenSSL tricks: x509, pkcs12, verify output
- Revoking certificates
- The use of CRLs
- Checking expired/revoked certificates
- Intermediary CAs
- Multiple CAs: stacking, using the
capathdirective - Determining which crypto library is used
- Crypto features of OpenSSL and PolarSSL
- Pushing ciphers
- Elliptic curve support
Introduction
This chapter is a small detour into the public key infrastructures (PKIs), certificates, and openssl commands. The primary purpose of the recipes in this chapter is to show how the certificates, which are used in OpenVPN, can be generated, managed, viewed, and what kind of interactions exist between OpenSSL and OpenVPN.
Get OpenVPN Cookbook - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
