Life is Good

what a certificate authority is you’re basically making the encryption version of a trustworthy person and that trustworthy person will be signing all of your other certificates so basically we create a certificate and a key and that’s called the certificate authority and we use that to assign all other certificates and that we will be making later on that’s what we’re doing right now so if that was kind of difficult don’t worry you don’t need to actually understand how it’s working but hopefully it’s a little more clear all right so dot slash build – CA press enter it will go ahead and create an RSA private key and in this step and at a bunch of future steps we’ll be asked about five or ten questions in a certificate there’s a bunch of fields that kind of describe who the certificate belongs to where they’re located and this first question is the country name now it has a default value listed here in the brackets and if you press ENTER it’ll use that default value you can also type anything you want I mean you could put in on a UK or whatever anything or if you want to explicitly leave it empty just to put a period so I’m going to leave it empty because we don’t need it and it doesn’t really matter someone put a period press Enter same thing for state of province I’m going to leave it empty so I’m going to press our press period press Enter locality name same thing period enter organization name same thing period enter organizational unit name same thing period enter common name the common name is the only part of a certificate that is really required and it specifies who the certificate belongs to so for example if you login to your bank’s website and you know there’s that padlock icon at the top telling you you have a secure connection in case you’re going to where you can click that icon and you can actually view the certificate and so if your bank is I don’t know chase or whoever if you click on that you’ll see that the certificate if ik it belongs to chase.com or you know bankofamerica.com or or whatever that’s the common name so if you have a.com you can type that in here like in the demo that I did in my previous video we set it up on CG artwork comm I could type that in here all that really matters is it should describe who the certificate belongs to I’m just going to put in VPN server so in this case again we’re setting up the certificate authority on the raspberry pi and the raspberry pi is also going to be the VPN server so I’m going to call my Raspberry Pi EPN my server all right press enter name I’m going to leave that empty with a period press Enter email address same thing period enter and that’s it so we have now created our certificate authority now what we do is we’re going to create certificates for the server which is the Raspberry Pi again and certificates for every client so in my in this demo I’m going to show you how to set it up with your Windows PC I mean like like like here with your laptop or desktop will be one client and I’m also going to show how to use it on an Android phone and that’ll be the second client so we need to create three certificates one for the server which is a Raspberry Pi one for my Windows desktop computer and one for my android phone we can call the first command dot slash build keep a build key server so build – key – server space and then the common name so again I’m going to reuse what I used before which is VPN server for the common name and that will be or because we’re making the key for the server that will be the identifier for this key so I’m going to call it VPN server again you right here you can type in the common name so anything you want to identify your raspberry pi VPN server is what you can put here press enter it will create another RSA private key and just like before we have all these things we can enter a period enter period enter period enter period enter okay now let’s see here that the default value was what I had typed in earlier it’s from when I typed in this command so we can just press ENTER and it will use that default value which is what we want period to leave it empty enter period enter you can add a password if you want but for personal use it’s really not that important I’m going to leave it empty so just press Enter don’t don’t press period just press ENTER again company name you can leave that empty just press ENTER and now it will ask you to verify that you actually want to sign this certificate using the certificate authority we created earlier so press Y for yes press ENTER again press Y press.