https://amod-kadam.medium.com/how-to-set-up-private-ca-and-use-the-certificates-issued-by-private-ca-da55941c51ee
Step1: Generate private key for CA
openssl genrsa -des3 -out CA.key 2048
openssl genrsa -des3 -out ca.key 4096
openssl genrsa -aes256 -out ca.key 2048
openssl genrsa -aes256 -out lab.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.......................................+++++
..........................................+++++
e is 65537 (0x010001)
Enter pass phrase for lab.key:
Verifying - Enter pass phrase for lab.key: aruba123
cisco123
.........................................
Step2: Generate CA certificate
openssl req -x509 -new -nodes -key CA.key -sha256 -days 1825 -out CA.pem
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
openssl req -x509 -new -nodes -key ca.key -sha256 -days 1825 -out ca.pem
.........................................
openssl req -new -key client1.key -out client1.csr -config client.conf
openssl genrsa -aes256 -out client1.key 2048
openssl genrsa -aes256 -out client2.key 2048
(openssl req -new -key ca.key -out client1.csr)
openssl req -new -key client1.key -out client1.csr
openssl req -new -key client2.key -out client2.csr
.........................................
openssl req -in client1.csr -noout -text
.........................................
openssl x509 -req -in client1.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out client1.crt -days 500 -sha256 -extfile client.conf -extensions req_ext
openssl x509 -req -days 3650 -in acme.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out acme.crt -sha256
openssl x509 -req -in client1.csr -CA ca.pem -days 3650 -CAkey ca.key -set_serial 01 -out client1.pem
openssl x509 -req -in client2.csr -CA ca.pem -days 3650 -CAkey ca.key -set_serial 02 -out client2.pem
.........................................
openssl x509 -in client1.pem -text -noout
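The signing step above, as an added example that is not part of the original notes: it signs the same CSR once without and once with -extfile/-extensions, because openssl x509 -req does not copy the CSR's requested extensions on its own, then checks the chain and the clientAuth EKU. The client.conf contents, the subject names and the ca_ext section are constructed assumptions, and the keys are left unencrypted only so it runs without prompts.

```shell
# Added example (not from the original notes). Throwaway lab PKI only.
build_lab_pki() {   # $1 = existing, empty working directory
    d=$1
    # Constructed config; req_ext is the section name the notes pass to -extensions.
    cat > "$d/client.conf" <<'EOF' || return 1
[req]
distinguished_name = dn
req_extensions = req_ext
prompt = no
[dn]
CN = client1.lab.example
[req_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
subjectAltName = DNS:client1.lab.example
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$d/ca.key" -sha256 -days 1825 -subj "/CN=Lab Root CA" \
        -config "$d/client.conf" -extensions ca_ext -out "$d/ca.pem" &&
    openssl genrsa -out "$d/client1.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/client1.key" -config "$d/client.conf" -out "$d/client1.csr" &&
    # Signed WITHOUT -extfile: the extensions requested in the CSR are not copied.
    openssl x509 -req -in "$d/client1.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 500 -sha256 -out "$d/client1_noext.pem" 2>/dev/null &&
    # Signed WITH -extfile/-extensions: req_ext is written into the certificate.
    openssl x509 -req -in "$d/client1.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 500 -sha256 -extfile "$d/client.conf" \
        -extensions req_ext -out "$d/client1.pem" 2>/dev/null
}

# Succeeds if certificate $1 carries the clientAuth extended key usage.
has_client_eku() {
    openssl x509 -in "$1" -noout -text | grep -q "TLS Web Client Authentication"
}
# Succeeds if certificate $2 chains to CA file $1 and is acceptable for TLS client use.
chains_to_ca() {
    openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

# Demo run in a temporary directory.
demo=$(mktemp -d) && build_lab_pki "$demo" && chains_to_ca "$demo/ca.pem" "$demo/client1.pem" &&
    has_client_eku "$demo/client1.pem" && ! has_client_eku "$demo/client1_noext.pem" &&
    echo "client1.pem verifies with clientAuth; client1_noext.pem lacks the EKU"
rm -rf "$demo"
```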
.........................................
https://stackoverflow.com/questions/808669/convert-a-cert-pem-certificate-to-a-pfx-certificate
openssl pkcs12 -inkey bob_key.pem -in bob_cert.cert -export -out bob_pfx.pfx
openssl pkcs12 -inkey client1.key -in client1.pem -export -out client1_pfx.pfx
openssl pkcs12 -inkey client2.key -in client2.pem -export -out client2.pfx
.........................................
openssl pkcs12 -in example.pfx -info
.........................................
.........................................
Reference:
https://www.javaxt.com/wiki/Tutorials/Windows/How_to_Enable_LDAPS_in_Active_Directory
https://knowledge.digicert.com/general-information/openssl-quick-reference-guide
https://amod-kadam.medium.com/how-to-set-up-private-ca-and-use-the-certificates-issued-by-private-ca-da55941c51ee
https://mcilis.medium.com/how-to-create-a-client-certificate-with-configuration-using-openssl-89214dca58ec
https://docs.microfocus.com/SM/9.60/Hybrid/Content/security/concepts/example_generating_a_client_certificate_with_openssl.htm
https://techdocs.akamai.com/iot-edge-connect-msg-store/docs/create-client-certificate
https://techdocs.akamai.com/iot-edge-connect-msg-store/docs/create-root-certificate
PFX file
https://superuser.com/questions/1352171/certificate-validation-failure-while-using-cisco-anyconnect-with-pfx-certificate
https://stackoverflow.com/questions/808669/convert-a-cert-pem-certificate-to-a-pfx-certificate
.........................................