blob: 2ede7b1b55ef39e19d5cc3de1f7825e33e7730a8 (
plain) (
tree)
|
|
Extract all zip'd files to the OpenVPN home directory,
including the openssl.cnf file from the top-level
"easy-rsa" directory.
First run init-config.bat
Next, edit vars.bat to adapt it to your environment, and
create the directory that will hold your key files.
To generate TLS keys:
Create new empty index and serial files (once only)
1. vars
2. clean-all
Build a CA key (once only)
1. vars
2. build-ca
Build a DH file (for server side, once only)
1. vars
2. build-dh
Build a private key/certficate for the openvpn server
1. vars
2. build-key-server <machine-name>
Build key files in PEM format (for each client machine)
1. vars
2. build-key <machine-name>
(use <machine name> for specific name within script)
or
Build key files in PKCS #12 format (for each client machine)
1. vars
2. build-key-pkcs12 <machine-name>
(use <machine name> for specific name within script)
To revoke a TLS certificate and generate a CRL file:
1. vars
2. revoke-full <machine-name>
3. verify last line of output confirms revokation
4. copy crl.pem to server directory and ensure config file uses "crl-verify <crl filename>"
|