|
|
|
@ -65,7 +65,7 @@ OPTIONS:
|
|
|
|
-C Common name (cert field)
|
|
|
|
-C Common name (cert field)
|
|
|
|
This should be the fully qualified domain name or IP address for
|
|
|
|
This should be the fully qualified domain name or IP address for
|
|
|
|
the client or server. Make sure your certs have unique common
|
|
|
|
the client or server. Make sure your certs have unique common
|
|
|
|
namems.
|
|
|
|
names.
|
|
|
|
-O Org name (cert field)
|
|
|
|
-O Org name (cert field)
|
|
|
|
An informational string (company name)
|
|
|
|
An informational string (company name)
|
|
|
|
-o Output filename base (defaults to asterisk)
|
|
|
|
-o Output filename base (defaults to asterisk)
|
|
|
|
@ -83,8 +83,8 @@ and tlscafile=/etc/ca.crt. Since this is a self-signed key, many devices will
|
|
|
|
require you to import the ca.crt file as a trusted cert.
|
|
|
|
require you to import the ca.crt file as a trusted cert.
|
|
|
|
|
|
|
|
|
|
|
|
To create a client cert using the CA cert created by the example above:
|
|
|
|
To create a client cert using the CA cert created by the example above:
|
|
|
|
ast_tls_cert -m client -c /tmp/ca.crt -k /tmp/ca.key -C "Joe User" -O \\
|
|
|
|
ast_tls_cert -m client -c /tmp/ca.crt -k /tmp/ca.key -C phone1.mycompany.com \\
|
|
|
|
"My Company" -d /tmp -o joe_user
|
|
|
|
-O "My Company" -d /tmp -o joe_user
|
|
|
|
|
|
|
|
|
|
|
|
This will create client.crt/key/pem in /tmp. Use this if your device supports
|
|
|
|
This will create client.crt/key/pem in /tmp. Use this if your device supports
|
|
|
|
a client certificate. Make sure that you have the ca.crt file set up as
|
|
|
|
a client certificate. Make sure that you have the ca.crt file set up as
|
|
|
|
|
Terry Wilson
15 years ago