OpenVPN: Difference between revisions
Jump to navigation
Jump to search
| Line 15: | Line 15: | ||
When the Common Name is queried, enter "server" | When the Common Name is queried, enter "server" | ||
./build-key-server server | ./build-key-server server | ||
Generate Diffie Hellman parameters | |||
./build-dh | |||
HMAC firewall | |||
openvpn --genkey --secret ta.key | |||
==Generate certificates & keys for client== | ==Generate certificates & keys for client== | ||
Appropriate Common Name when prompte | Appropriate Common Name when prompte | ||
./build-key bjorklun | ./build-key bjorklun | ||
==Key Files== | ==Key Files== | ||
Revision as of 13:02, 21 March 2008
Generate the master Certificate Authority (CA) certificate & key
sudo rsync -a /usr/share/openvpn/easy-rsa/2.0/ /etc/openvpn/easy-rsa/
/etc/openvpn/easy-rsa/vars set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters.
. ./vars ./clean-all ./build-ca
Answer yes on everything exept:
Generate certificate & key for server
When the Common Name is queried, enter "server"
./build-key-server server
Generate Diffie Hellman parameters
./build-dh
HMAC firewall
openvpn --genkey --secret ta.key
Generate certificates & keys for client
Appropriate Common Name when prompte
./build-key bjorklun
Key Files
Now we will find our newly-generated keys and certificates in the keys subdirectory. Here is an explanation of the relevant files:
Filename Needed By Purpose Secret
ca.crt server + all clients Root CA certificate NO
ca.key key signing machine only Root CA key YES
dh{n}.pem server only Diffie Hellman parameters NO
server.crt server only Server Certificate NO
server.key server only Server Key YES
client1.crt client1 only Client1 Certificate NO
client1.key client1 only Client1 Key YES