OpenVPN: Difference between revisions

From Halfface

Revision as of 06:58, 17 March 2008

Generate the master Certificate Authority (CA) certificate & key

sudo rsync -a /usr/share/openvpn/easy-rsa/2.0/ /etc/openvpn/easy-rsa

In /etc/openvpn/easy-rsa/vars, set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters.

cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
./build-ca

Generate certificate & key for server

When the Common Name is queried, enter "server"

./build-key-server server

Generate certificates & keys for client

Enter the appropriate Common Name when prompted.

./build-key bjorklun

Generate Diffie Hellman parameters

./build-dh

Key Files

Now we will find our newly-generated keys and certificates in the keys subdirectory. Here is an explanation of the relevant files:

Filename 	Needed By 			Purpose 			Secret
ca.crt 		server + all clients 		Root CA certificate 		NO
ca.key 		key signing machine only 	Root CA key 			YES
dh{n}.pem 	server only 			Diffie Hellman parameters 	NO
server.crt 	server only 			Server Certificate 		NO
server.key 	server only 			Server Key 			YES
client1.crt 	client1 only 			Client1 Certificate 		NO
client1.key 	client1 only 			Client1 Key 			YES
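
The Secret column above can be checked mechanically. The following is an added example, not part of the original page or of easy-rsa: the function names are hypothetical, and treating mode 600 (owner read/write only) as the target for every *.key file is this example's assumption.

```shell
#!/bin/sh
# Added example: audit a keys directory against the Key Files table.
# Files marked Secret = YES (*.key) should be accessible by their owner only.

# Print every private key in DIR that group or others can access.
# Returns 0 if no key is exposed, 1 otherwise.
audit_key_perms() {
    exposed=$(find "$1" -maxdepth 1 -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed" | sed 's/^/exposed private key: /'
        return 1
    fi
    return 0
}

# Per the table, ca.key belongs on the key signing machine only.
# Returns 0 if DIR (a server or client directory) does not hold it.
ca_key_absent() {
    [ ! -e "$1/ca.key" ]
}

# Tighten every private key in DIR to owner read/write only (assumed target: 600).
harden_key_perms() {
    find "$1" -maxdepth 1 -type f -name '*.key' -exec chmod 600 {} +
}

# Optional command-line use: pass the directory to audit as the first argument.
if [ -n "${1:-}" ]; then
    audit_key_perms "$1"
fi
```

Run audit_key_perms on the keys subdirectory of the signing machine, and ca_key_absent on the directory a server or client actually loads its files from.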