diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-09-26 05:28:27 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-09-26 05:28:27 +0000 |
commit | 6fbf66fad3367b24fd6743bcd50254902fd9c8d5 (patch) | |
tree | 9802876e3771744eead18917bb47ff6e90ac39f5 /easy-rsa/Windows/README.txt | |
download | openvpn-6fbf66fad3367b24fd6743bcd50254902fd9c8d5.tar.xz |
This is the start of the BETA21 branch.
It includes the --topology feature, and
TAP-Win32 driver changes to allow
non-admin access.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'easy-rsa/Windows/README.txt')
-rw-r--r-- | easy-rsa/Windows/README.txt | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/easy-rsa/Windows/README.txt b/easy-rsa/Windows/README.txt new file mode 100644 index 0000000..2ede7b1 --- /dev/null +++ b/easy-rsa/Windows/README.txt @@ -0,0 +1,44 @@ +Extract all zip'd files to the OpenVPN home directory, +including the openssl.cnf file from the top-level +"easy-rsa" directory. + +First run init-config.bat + +Next, edit vars.bat to adapt it to your environment, and +create the directory that will hold your key files. + +To generate TLS keys: + +Create new empty index and serial files (once only) +1. vars +2. clean-all + +Build a CA key (once only) +1. vars +2. build-ca + +Build a DH file (for server side, once only) +1. vars +2. build-dh + +Build a private key/certficate for the openvpn server +1. vars +2. build-key-server <machine-name> + +Build key files in PEM format (for each client machine) +1. vars +2. build-key <machine-name> + (use <machine name> for specific name within script) + +or + +Build key files in PKCS #12 format (for each client machine) +1. vars +2. build-key-pkcs12 <machine-name> + (use <machine name> for specific name within script) + +To revoke a TLS certificate and generate a CRL file: +1. vars +2. revoke-full <machine-name> +3. verify last line of output confirms revokation +4. copy crl.pem to server directory and ensure config file uses "crl-verify <crl filename>" |