This will make OpenVPN run with fewer privileges, for security

Note: Each configuration can run only one port and protocol at once.

Finally, be sure to save your changes.

Step 3 - Generating Server Certificates and Keys

Easy-rsa makes generating certs and keys simple.

First, copy the program to your configuration directory, since you will be modifying values.

    cp -r /usr/local/share/easy-rsa /usr/local/etc/openvpn/easy-rsa

Open the vars file for editing:

    nano /usr/local/etc/openvpn/easy-rsa/vars

Change the key size by modifying this line:

    export KEY_SIZE=2048

These days the standard is 2048-bit keys, although you can also use 4096-bit, which is more secure but slows down negotiation. If you like you can also set the default certificate and key values in this file so you don’t have to enter them later.

Since the shell we’re using is tcsh, the export lines need to be replaced with setenv. Move to our easy-rsa directory (required).

    cat ./vars | sed -e 's/export /setenv /g' -e 's/=/ /g' | source /dev/stdin

Still from our /usr/local/etc/openvpn/easy-rsa/ directory, first clean the directory, then build the certificate authority (CA).

    ./clean-all

You will be prompted to set the CA options. Fill these in with your details:

    Country Name (2 letter code) : GB
    State or Province Name (full name) : Somerset
    Organizational Unit Name (eg, section) : VPN
    Common Name (eg, your name or your server's hostname) :
    Email Address

Build the server key.

    ./build-key-server server

Again, set the options. You do not need a password or an optional company name.

Enter y to sign and commit the key:

    Country Name (2 letter code) : GB
    Email Address
    enter the following 'extra' attributes
    Certificate is to be certified until Feb 5 14:40:15 2025 GMT (3650 days)
    1 out of 1 certificate requests certified, commit? y

Finally the Diffie-Hellman key must be generated. This can take some time depending on key size.

Now that all the server keys and certs are generated, they should be copied to our OpenVPN configuration directory.

    cd /usr/local/etc/openvpn/easy-rsa/keys/
    cp dh*.pem ca.crt server.crt server.key /usr/local/etc/openvpn/

You’re done with the server certificates! Now on to the client certificate.

Step 4 - Generating Client Certificates

Each client will also need a certificate and key in order to authenticate and connect to the VPN.