
build and inline tls auth

TinCanTech edited this page Aug 2, 2021 · 2 revisions

This page describes how to build and inline a TLS-Auth key.

These steps must be done in the order shown.

Build a TLS-Auth key

Use the Easy-TLS interactive build menu:

  • ./easytls build

  • Select [1] TLS-Auth key - Legacy HMAC pre-shared key

    Command line to build a TLS-Auth key:

    • ./easytls bta

Inline a TLS-Auth key for a Server

Use the Easy-TLS interactive inline menu:

  • ./easytls inline

  • Select [1] Inline-file with TLS-Auth key for Server

    • Enter the name of your server common-name, e.g. server
    • Select Key direction 0 - This is the default.
    • Press enter: You do have the private key for this X509 certificate.
    • Press enter: You cannot use a Diffie-Hellman parameters file in No-CA mode.
    • Type yes: The file you will overwrite will be correctly recreated with a TLS-Auth inline file.

    Command line to inline a TLS-Auth key with a Server certificate:

    • ./easytls ita <server-name> 0

Inline a TLS-Auth key for a Client

Use the Easy-TLS interactive inline menu:

  • ./easytls inline

  • Select [2] Inline-file with TLS-Auth key for Client

    • Enter the name of your client common-name, e.g. alice
    • Select Key direction 1 - This is the default.
    • Press enter: You do have the private key for this X509 certificate.
    • Enter the common-name of your Server (e.g. server) to automatically share peer-fingerprints.
    • Type yes: The file you will overwrite will be correctly recreated with a TLS-Auth inline file.

    Command line to inline a TLS-Auth key with a Client certificate:

    • ./easytls -r=<server-name> inline-tls-auth <client-name> 1
      The -r|--ss-peer-fingerprint option tells the command the name of the server to share this client fingerprint with.
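
After both inline files exist, the pairing described above (key direction 0 on the server, 1 on the client, one shared TLS-Auth key) can be checked with a short script. This is an added example, not part of Easy-TLS; it assumes the inline files follow OpenVPN's inline conventions (a `key-direction N` line and a `<tls-auth>` block), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Easy-TLS code): sanity-check a server/client pair of
# TLS-Auth inline files. Assumes OpenVPN inline conventions: a
# "key-direction N" line and a <tls-auth>...</tls-auth> block.

# Print the key-direction value found in an inline file (empty if none).
key_direction() {
    awk '$1 == "key-direction" { print $2; exit }' "$1"
}

# Print the lines between <tls-auth> and </tls-auth> (the static key).
tls_auth_body() {
    awk '/^<tls-auth>/ { on = 1; next } /^<\/tls-auth>/ { on = 0 } on' "$1"
}

# Succeed only if the server uses direction 0, the client uses direction 1,
# both files carry a non-empty <tls-auth> block, and the key is identical.
check_pair() {
    server=$1
    client=$2
    [ "$(key_direction "$server")" = "0" ] || { echo "server: key-direction is not 0"; return 1; }
    [ "$(key_direction "$client")" = "1" ] || { echo "client: key-direction is not 1"; return 1; }
    [ -n "$(tls_auth_body "$server")" ] || { echo "server: no TLS-Auth key"; return 1; }
    [ -n "$(tls_auth_body "$client")" ] || { echo "client: no TLS-Auth key"; return 1; }
    [ "$(tls_auth_body "$server")" = "$(tls_auth_body "$client")" ] ||
        { echo "TLS-Auth keys differ"; return 1; }
    echo "ok"
}

# Constructed sample input for testing: writes a fake inline file.
# The key line is a placeholder, not real key material.
make_sample() {   # make_sample <file> <direction> <key-line>
    printf 'key-direction %s\n<tls-auth>\n-----BEGIN OpenVPN Static key V1-----\n%s\n-----END OpenVPN Static key V1-----\n</tls-auth>\n' \
        "$2" "$3" > "$1"
}

# When called with two paths, check them: ./script server.inline alice.inline
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```
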