Damme's linux stuff

ssh-keygen #generate all keys
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub # if id_rsa.pub is missing!
ssh-copy-id -i ~/.ssh/mykey user@host # copy id to host

pacman -F $filename # Search package including $filename:
pacman -Ss $package # Search $package
pacman -S $package # Install $package
pacman -R $package # Remove $package

export HOST=$HOSTNAME
export PASS=SuperSecret
export SUBJ='/C=SE/L=Skällinge/O=Unimatrix'
export DAYS=3650

openssl genrsa -aes256 -out ca-key.pem -passout pass:$PASS 4096
openssl req -new -x509 -days $DAYS -key ca-key.pem -sha256 -out ca.pem -passin pass:$PASS -subj $SUBJ

openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr

echo subjectAltName = DNS:$HOST,IP:10.0.0.200,IP:127.0.0.1 >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
  -CAcreateserial -out server-cert.pem -extfile extfile.cnf -passin pass:$PASS

#client:
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile-client.cnf
openssl x509 -req -days $DAYS -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
  -CAcreateserial -out cert.pem -extfile extfile-client.cnf -passin pass:$PASS

find . -type d -exec chmod 700 {} \;
find . -type f -exec chmod 600 {} \;