Created
January 3, 2013 15:31
-
-
Save int128/4444300 to your computer and use it in GitHub Desktop.
OpenVPN PKI setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cd /etc/openvpn/pki | |
| sudo certtool -c --load-ca-privkey ca.key --load-ca-certificate ca.crt --load-request $NODENAME.csr --outfile $NODENAME.crt | |
| Generating a signed certificate... | |
| Enter the certificate's serial number in decimal (default: xxxxx): | |
| Activation/Expiration time. | |
| The certificate will expire in (days): 1851 | |
| Extensions. | |
| Do you want to honour the extensions from the request? (y/N): | |
| Does the certificate belong to an authority? (y/N): | |
| Is this a TLS web client certificate? (y/N): y | |
| Is this also a TLS web server certificate? (y/N): | |
| Enter the e-mail of the subject of the certificate: | |
| Will the certificate be used for signing (required for TLS)? (y/N): y | |
| Will the certificate be used for encryption (not required for TLS)? (y/N): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mkdir -p /etc/openvpn/pki | |
| cd /etc/openvpn/pki | |
| sudo certtool -p --bits 4096 --outfile $NODENAME.key | |
| sudo certtool -q --load-privkey $NODENAME.key --template $NODENAME.template --outfile $NODENAME.csr |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment