Creating certificates

To create needed OpenSSL certificates, few commands have to be executed. These commands are shown in this chapter, but to insure the correct certificate creation, the reader should refer to literature 4 and 11 at the end of this document.

To create a root certificate the following command needs to be executed.

# openssl req -new -x509 -extensions v3_ca -keyout privateKey/cakey.pem -out cacert.pem -days 3650 -config ./openssl.conf

This creates two files, the key file cakey.pem and the root certificate file cacert.pem. After that, the certificate request should be created by executing the following command.

# openssl req -new -nodes -out req.pem -config ./openssl.conf

This command also creates two files, key file key.pem and the certificate request file req.pem. The last step is to sign the certificate request by executing the following command.

# openssl ca -out cert.pem -config ./openssl.conf -infiles req.pem

The result is the necessary certificate file cert.pem.

The roadwarrior client needs to have the root certificate created in the first step, while the VPN gateway needs to have the key file created in the second step, and the signed certificate created in the last step.