mirror of
https://github.com/OpenVPN/openvpn.git
synced 2025-05-09 05:31:05 +08:00

This patch fixes remaining issues with Trac ticket #125. It does the following:

- Update easy-rsa/2.0/README
- Rename easy-rsa/2.0/openssl.cnf as openssl-0.9.8.cnf
- Add easy-rsa/2.0/openssl-1.0.0.cnf
- Updated vars.bat.sample to use openssl-1.0.0.cnf
- Updated win/openvpn.nsi to use openssl-1.0.0.cnf
- Add a few undefined variables to vars and vars.bat.sample: required by
  OpenSSL 1.0.0 (at least on Windows)

Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Tested-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

Extract all zip'd files to the OpenVPN home directory,
including the openssl.cnf file from the top-level
"easy-rsa" directory.

First run init-config.bat

Next, edit vars.bat to adapt it to your environment, and
create the directory that will hold your key files.

To generate TLS keys:

Create new empty index and serial files (once only)
1. vars
2. clean-all

Build a CA key (once only)
1. vars
2. build-ca

Build a DH file (for server side, once only)
1. vars
2. build-dh

Build a private key/certificate for the openvpn server
1. vars
2. build-key-server <machine-name>

Build key files in PEM format (for each client machine)
1. vars
2. build-key <machine-name>
   (use <machine name> for specific name within script)

or

Build key files in PKCS #12 format (for each client machine)
1. vars
2. build-key-pkcs12 <machine-name>
   (use <machine name> for specific name within script)

To revoke a TLS certificate and generate a CRL file:
1. vars
2. revoke-full <machine-name>
3. verify last line of output confirms revocation
4. copy crl.pem to server directory and ensure config file uses "crl-verify <crl filename>"
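
An added example, not part of the easy-rsa README or scripts: besides reading the last line of the revoke-full output, the index file created in the first step can be audited to see which certificates are revoked and which are still active. It assumes the index file is the tab-separated text database written by OpenSSL's "ca" command; the sample entries, names and dates below are constructed.

```python
from datetime import datetime, timezone

# Constructed sample (not from a real CA): status, expiry, revocation date,
# serial, file name and subject, separated by tabs.
SAMPLE_INDEX = (
    "V\t310101000000Z\t\t01\tunknown\t/C=US/O=Example/CN=server\n"
    "R\t310101000000Z\t250301120000Z\t02\tunknown\t/C=US/O=Example/CN=laptop1\n"
    "V\t310101000000Z\t\t03\tunknown\t/C=US/O=Example/CN=laptop2\n"
)

def parse_time(value):
    """Parse YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ; drop a trailing ',reason'."""
    stamp = value.split(",")[0]
    fmt = "%Y%m%d%H%M%SZ" if len(stamp) == 15 else "%y%m%d%H%M%SZ"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)

def parse_index(text):
    """Return one dict per certificate; reject lines that do not fit the format."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6 or fields[0] not in ("V", "R", "E"):
            raise ValueError(f"line {lineno}: not a valid index entry")
        status, expires, revoked, serial, _file, subject = fields
        if (status == "R") != bool(revoked):
            raise ValueError(f"line {lineno}: status and revocation date disagree")
        cn = next((p[3:] for p in subject.split("/") if p.startswith("CN=")), subject)
        entries.append({
            "status": status, "serial": serial, "cn": cn,
            "expires": parse_time(expires),
            "revoked": parse_time(revoked) if revoked else None,
        })
    return entries

def revoked_names(entries):
    """Names whose certificate the CA database marks as revoked."""
    return sorted(e["cn"] for e in entries if e["status"] == "R")

def active_names(entries, now):
    """Names with a certificate that is neither revoked nor past its expiry."""
    return sorted(e["cn"] for e in entries
                  if e["status"] == "V" and e["expires"] > now)

if __name__ == "__main__":
    certs = parse_index(SAMPLE_INDEX)
    print("revoked:", revoked_names(certs))
    print("active: ", active_names(certs, datetime.now(timezone.utc)))
```

A name listed as revoked here is only rejected by the server once the regenerated crl.pem has been copied over and "crl-verify" points at it, as in step 4 above.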