This shows you the differences between two versions of the page.
links:openvpn [2010/11/17 23:22] 127.0.0.1 external edit |
links:openvpn [2019/03/06 07:33] (current) |
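--- a/links:openvpn
+++ b/links:openvpn
@@ -208,2 +208,2 @@
-==== Set the paramters first ====
+==== Set the parameters first ====
 <code>
@@ -214,4 +214,4 @@
 export tls_projectname="projectname"
-export tls_cert_dir="/etc/openvpn/$tls_projectname"
+export tls_cert_dir="/etc/openvpn/$tls_projectname/certs/"
 export tls_ca_CN="ca.$tls_projectname"
 export tls_country="CO"
@@ -232,4 +232,4 @@
 <code>
-rm -rf "$tls_cert_dir/"
+# rm -rf "$tls_cert_dir/"
 mkdir -pv "$tls_cert_dir/"
 cd "$tls_cert_dir/"
@@ -242,4 +242,4 @@
 <code>
-#!/bin/sh
+#!/bin/bash
 # run this script to generate "openssl.cnf" using the previously exported values
 #
@@ -305,4 +305,4 @@
 [ req ]
-default_bits = 1024
+default_bits = 2048
 default_keyfile = privkey.pem
 distinguished_name = req_distinguished_name
@@ -376,3 +376,5 @@
 <code>
+# note: we don't need '-newkey rsa:2048 ' because config-file.default_bits = 2048
+
 cd $tls_cert_dir/ ;
 /usr/bin/openssl req \
@@ -387,4 +389,3 @@
 /bin/chmod 0600 "$tls_ca_CN.key" ;
 </code>
-
 ==== Generate Server cert/key ====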
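Review bot: In the Line 376 and Line 387 hunks the CA private key is written by `openssl req` under the shell's default umask and only tightened afterwards by `/bin/chmod 0600 "$tls_ca_CN.key"`, so depending on the OpenSSL version the key may be briefly readable by other local users; running `umask 077` before the `openssl req` call closes that window. The preceding `cd $tls_cert_dir/ ;` is unquoted and unchecked, unlike the quoted `cd "$tls_cert_dir/"` in the Line 232 hunk, so if the directory is missing the key would be written wherever the shell happens to be; `cd "$tls_cert_dir/" || exit 1` avoids that. The added comment makes the key length depend on `default_bits` in the generated openssl.cnf, and because the `rm -rf` in the Line 232 hunk is now commented out, an older config or a 1024-bit key may still be sitting in the directory, so the size of the resulting key is worth confirming after generation. The `openssl req` arguments lie between the two hunks and are not visible here.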