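###
### Assumption: the router's IP -> Cloud name is f4430d9x7320.sn.mynetname.net
###
# Certificate creation
# First the CA.
# Each continued line ends in " \" (space, then backslash) and the following
# line is indented, so neighbouring parameters stay separate words when the
# lines are joined.
# The CA key is only used to sign certificates and CRLs, so key-usage is
# limited to key-cert-sign and crl-sign; the encipherment and
# digital-signature usages are left to the end-entity certificates.
/certificate
add name=vpn-ca country=ES state=Tabarnia locality=Rivendel organization="Perico Palotes LTD" \
    common-name="VPN CA" subject-alt-name=DNS:mynetname.net key-size=2048 days-valid=3650 trusted=yes \
    key-usage=key-cert-sign,crl-sign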
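# Then the server certificate.
# organization is fully quoted (the opening quote was missing) and every
# continued line ends in " \" so parameters are not glued together.
# The SAN names this router's own IP -> Cloud hostname instead of the wildcard
# *.sn.mynetname.net: the certificate should identify this server only, not
# every name under a domain it does not control.
# NOTE(review): some VPN clients compare the configured server name with the
# SAN/CN; confirm the client profile uses this exact hostname.
add name=vpn-server country=ES state=Tabarnia locality=Rivendel organization="Perico Palotes LTD" unit=VPN \
    common-name="VPN Server" subject-alt-name=DNS:f4430d9x7320.sn.mynetname.net key-size=2048 days-valid=1825 \
    key-usage=tls-server,key-encipherment,digital-signature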
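# Finally, a template used to create the client certificates.
# organization is fully quoted (the opening quote was missing) and every
# continued line ends in " \" so parameters are not glued together.
# The template itself is never signed; it only supplies the shared fields.
add name=~vpn-client-template country=ES state=Tabarnia locality=Rivendel organization="Perico Palotes LTD" \
    common-name="VPN Client XXX" subject-alt-name=email:xxx@f4430d9x7320.sn.mynetname.net key-size=2048 \
    days-valid=730 key-usage=tls-client
# The client certificates are copies of the template; each one overrides the
# common-name and the e-mail SAN so every device has its own identity.
add copy-from=~vpn-client-template name=vpn-client-mobile common-name="VPN Client Mobile" \
    subject-alt-name=email:mobile@f4430d9x7320.sn.mynetname.net
add copy-from=~vpn-client-template name=vpn-client-iphone common-name="VPN Client iPhone" \
    subject-alt-name=email:iphone@f4430d9x7320.sn.mynetname.net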
# Sign the certificates: the CA is self-signed first, then it issues the
# server certificate and both client certificates, in that order.
/certificate sign vpn-ca
# Fixed pause before the CA is used as issuer (presumably to let the CA
# signing finish; the script does not check that it has).
:delay 5
:foreach certName in={"vpn-server";"vpn-client-mobile";"vpn-client-iphone"} do={
    /certificate sign $certName ca=vpn-ca
}
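# Export the CA and the client certificates.
# The CA is exported with no passphrase; on RouterOS that is expected to
# write only the certificate, not the CA private key.
# NOTE(review): confirm on your version that no CA key file is produced.
# Each PKCS#12 bundle contains that client's private key, protected only by
# export-passphrase. Use a different, strong passphrase per client rather than
# one shared literal kept in the script: the two values below are placeholders
# and must be replaced before running. A passphrase typed here is also visible
# to anyone who can read this script or the console history.
# The exported files are written to the router's file storage; move them to
# the devices over a trusted channel and delete them from the router afterwards.
/certificate
export-certificate vpn-ca file-name=ca
export-certificate vpn-client-mobile type=pkcs12 export-passphrase="REPLACE-WITH-UNIQUE-PASSPHRASE-MOBILE" file-name=mobile
export-certificate vpn-client-iphone type=pkcs12 export-passphrase="REPLACE-WITH-UNIQUE-PASSPHRASE-IPHONE" file-name=iphone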