OpenVPN: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 1: | Line 1: | ||
==Generate the master Certificate Authority (CA) certificate & key== | ==Generate the master Certificate Authority (CA) certificate & key== | ||
sudo rsync -a /usr/share/openvpn/easy-rsa/2.0 /etc/openvpn/easy-rsa | sudo rsync -a /usr/share/openvpn/easy-rsa/2.0/ /etc/openvpn/easy-rsa/ | ||
/etc/openvpn/easy-rsa/vars | /etc/openvpn/easy-rsa/vars | ||
Revision as of 12:45, 21 March 2008
Generate the master Certificate Authority (CA) certificate & key
sudo rsync -a /usr/share/openvpn/easy-rsa/2.0/ /etc/openvpn/easy-rsa/
/etc/openvpn/easy-rsa/vars set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters.
. ./vars ./clean-all ./build-ca
Generate certificate & key for server
When the Common Name is queried, enter "server"
./build-key-server server
Generate certificates & keys for client
Appropriate Common Name when prompte
./build-key bjorklun
Generate Diffie Hellman parameters
./build-dh
Key Files
Now we will find our newly-generated keys and certificates in the keys subdirectory. Here is an explanation of the relevant files:
Filename Needed By Purpose Secret
ca.crt server + all clients Root CA certificate NO
ca.key key signing machine only Root CA key YES
dh{n}.pem server only Diffie Hellman parameters NO
server.crt server only Server Certificate NO
server.key server only Server Key YES
client1.crt client1 only Client1 Certificate NO
client1.key client1 only Client1 Key YES