Wednesday, December 8, 2010

Generate SSL certificates for openvpn with easy-rsa

Easy-rsa is distributed with openvpn (on Ubuntu anyway), and makes generating SSL certs a lot easier.

Here is typical usage:
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0
[edit vars with your site-specific info]
source ./vars
./clean-all
./build-dh     -> takes a long time, consider backgrounding
./pkitool --initca
./pkitool --server myserver
./pkitool client1

Keys and certs are written to the "keys" directory.
at 9:21 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)