Bolay's Wiki

User Tools

Site Tools

Trace:
operating_systems:linux:debian:openvpn

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
operating_systems:linux:debian:openvpn [2019/06/14 08:50] maferreiraoperating_systems:linux:debian:openvpn [2020/10/15 13:40] (current) maferreira
Line 11: Line 11:
   # rm EasyRSA-3.0.4.tgz   # rm EasyRSA-3.0.4.tgz
   # mv EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/   # mv EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/
 +
 +<note warning>Make sure you have this option set: set_var EASYRSA_PKI "/etc/openvpn/easy-rsa/pki" in /etc/openvpn/easy-rsa/vars</note>
  
 Initialize a new PKI and generate a CA keypair that will be used to sign certificates. Initialize a new PKI and generate a CA keypair that will be used to sign certificates.
Line 22: Line 24:
 </note> </note>
  
-Reference: https://wiki.archlinux.org/index.php/Easy-RSA+Now build the intermediate certificate. 
 +  # ./easyrsa build-server-full server nopass 
 + 
 +Once you have generated and signed OpenVPN server certificate, rename the root CA and CA (intermediate) certificates. 
 +  # cd /etc/openvpn/easy-rsa/pki/ 
 +  # mv ca.crt root_ca.crt 
 +  # mv private/ca.key private/root_ca.key 
 +   
 +  # mv issued/server.crt issued/ca.crt 
 +  # mv private/server.key private/ca.key 
 + 
 +Also move **ca.crt** to /etc/openvpn/easy-rsa/pki. 
 +  # mv /etc/openvpn/easy-rsa/pki/issued/ca.crt /etc/openvpn/easy-rsa/pki 
 + 
 +Make sure pki directory has the following rights, otherwise easygateway web interface won't detect the root_ca.crt file (file_exists() php function): 
 +  drwxrwx--x 6 root       root        4096 Jun 17 16:23 pki 
 + 
 +References:\\ 
 +https://wiki.archlinux.org/index.php/Easy-RSA\\ 
 +https://wiki.debian.org/OpenVPN
operating_systems/linux/debian/openvpn.1560502245.txt.gz · Last modified: 2019/06/14 08:50 by maferreira