-
-
Notifications
You must be signed in to change notification settings - Fork 20
build and inline tls auth
TinCanTech edited this page Aug 2, 2021
·
2 revisions
This page describes how to build and inline a TLS-Auth key
These steps must be done in the order shown.
Use Easy-TLS inter-active build
menu:
-
./easytls build
-
Select
[1] TLS-Auth key - Legacy HMAC pre-shared key
Command line to build a TLS Auth key:
./easytls bta
Use Easy-TLS inter-active inline
menu:
-
./easytls inline
-
Select
[1] Inline-file with TLS-Auth key for Server
- Enter the name of your server common-name. eg:
server
- Select Key direction
0
- This is the default. - Press enter: You do have the private key for this X509 certificate.
- Press enter: You can not use a Diffie-Hellman parameters file in No-CA mode.
- Type
yes
: The file you will over-write will be correctly recreated with a TLS-AUTH inline file.
Command line to inline a TLS Auth key with a Server certificate:
./easytls ita <server-name> 0
- Enter the name of your server common-name. eg:
Use Easy-TLS inter-active inline
menu:
-
./easytls inline
-
Select
[2] Inline-file with TLS-Auth key for Client
- Enter the name of your client common-name. eg:
alice
- Select Key direction
1
- This is the default. - Press enter: You do have the private key for this X509 certificate.
- Enter the common-name of your Server (eg:
server
) to automatically share peer-fingerprints. - Type
yes
: The file you will over-write will be correctly recreated with a TLS-AUTH inline file.
Command line to inline a TLS Auth key with a Server certificate:
-
./easytls -r=<server-name> inline-tls-auth <client-name> 1
The-r|--ss-peer-fingerprint
option tells the command the name of the server to share this client fingerprint with.
- Enter the name of your client common-name. eg: