Create and configure Client Certificates for VPN

I’ve been using VPN with server+client certificates since 11.4
After upgrading to Leap 15 the ca-management YaST module is not available anymore.

We plan some changes to our VPN clients, so here come the questions:

  1. How do I issue new/revoke client certificates (with or without key)?
  2. How do I configure/renew the server certificate?
  3. Where are the pre-Leap 15 certificates and settings stored?

Any help is welcome as I didn’t find any information online and the docs mention only managing through ca-management.

A posted recommendation

https://forums.opensuse.org/showthread.php/530945-Yast-ca-module-in-15?p=2884541#post2884541

TSU

Thank you for the recommendation. I’ll try both TinyCA2 and XCA.

Still couldn’t find the files that yast ca-management used.

It should be possible to do a little research and possibly work to find the certificate file locations that the YaST CA module used…
But, it’s unlikely to be of much use.

If you have any certificates managed by YaST, you’d probably have to export them and import into the new management tool, anyway…
I suppose if you have tight security regulation, you’d probably want to revoke those old certificates but otherwise I’d assume that things will work fine if you just issue new certificates, particularly for VPN use.

TSU

I assume that you examined the source?