build and inline tls auth
TinCanTech edited this page Aug 2, 2021 · 2 revisions
This page describes how to build and inline a TLS-Auth key.
These steps must be done in the order shown.

Use the Easy-TLS interactive build menu:
- ./easytls build
- Select [1] TLS-Auth key - Legacy HMAC pre-shared key

Command line to build a TLS Auth key:
./easytls bta

Use the Easy-TLS interactive inline menu:
- ./easytls inline
- Select [1] Inline-file with TLS-Auth key for Server
- Enter your server common-name. eg: server
- Select Key direction 0 - This is the default.
- Press enter: You do have the private key for this X509 certificate.
- Press enter: You can not use a Diffie-Hellman parameters file in No-CA mode.
- Type yes: The file you will over-write will be correctly recreated with a TLS-AUTH inline file.

Command line to inline a TLS Auth key with a Server certificate:
./easytls ita <server-name> 0

Use the Easy-TLS interactive inline menu:
- ./easytls inline
- Select [2] Inline-file with TLS-Auth key for Client
- Enter your client common-name. eg: alice
- Select Key direction 1 - This is the default.
- Press enter: You do have the private key for this X509 certificate.
- Enter the common-name of your Server (eg: server) to automatically share peer-fingerprints.
- Type yes: The file you will over-write will be correctly recreated with a TLS-AUTH inline file.

Command line to inline a TLS Auth key with a Client certificate:
./easytls -r=<server-name> inline-tls-auth <client-name> 1

The -r|--ss-peer-fingerprint option tells the command the name of the server to share this client fingerprint with.
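
A check that a server/client pair of inline files agrees with the steps above (server key direction 0, client key direction 1, same TLS-Auth key), as an added example that is not part of Easy-TLS or of this wiki page. It assumes each inline file carries OpenVPN's `key-direction N` directive and a `<tls-auth>...</tls-auth>` block; the function names, file names and sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of Easy-TLS). Assumption: each inline file holds
# OpenVPN's "key-direction N" directive and a <tls-auth>...</tls-auth> block.

# Print the key-direction value found in an inline file.
key_direction() {
    awk '$1 == "key-direction" { print $2; exit }' "$1"
}

# Print the lines between the <tls-auth> tags (comments and blank lines dropped).
tls_auth_key() {
    awk '/^<tls-auth>/ { on = 1; next }
         /^<\/tls-auth>/ { on = 0 }
         on && NF && $0 !~ /^#/' "$1" | tr -d '\r'
}

# check_pair SERVER_INLINE CLIENT_INLINE
# Returns 0 only if the server uses direction 0, the client uses direction 1,
# and both files embed the same non-empty key. The key itself is never printed.
check_pair() {
    rc=0
    [ "$(key_direction "$1")" = 0 ] || { echo "server: key-direction is not 0" >&2; rc=1; }
    [ "$(key_direction "$2")" = 1 ] || { echo "client: key-direction is not 1" >&2; rc=1; }
    srv_key=$(tls_auth_key "$1"); cli_key=$(tls_auth_key "$2")
    [ -n "$srv_key" ] || { echo "server: no <tls-auth> key found" >&2; rc=1; }
    [ "$srv_key" = "$cli_key" ] || { echo "tls-auth keys differ" >&2; rc=1; }
    return "$rc"
}

# Write one constructed inline file: write_sample FILE DIRECTION KEYLINE
write_sample() {
    printf '%s\n' "key-direction $2" '<tls-auth>' \
        '-----BEGIN OpenVPN Static key V1-----' "$3" \
        '-----END OpenVPN Static key V1-----' '</tls-auth>' > "$1"
}

# Demo on constructed files (the hex string is sample data, not a real key).
demo_dir=$(mktemp -d)
write_sample "$demo_dir/server.inline" 0 00112233445566778899aabbccddeeff
write_sample "$demo_dir/alice.inline"  1 00112233445566778899aabbccddeeff
check_pair "$demo_dir/server.inline" "$demo_dir/alice.inline" && echo "pair OK"
rm -rf "$demo_dir"
```

To use it on real output, call `check_pair` with the paths of the server and client inline files in place of the constructed ones.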