Wednesday, 23 January 2008

Creating or revoking an OpenVPN certificate

These are the necessary steps:

#################################
CREATE A CERTIFICATE:
cd /etc/openvpn/easy-rsa/
. ./vars
./build-key NOMEUTENTE

vi /etc/openvpn/ipp.txt


#################################
REVOKE A CERTIFICATE:
cd /etc/openvpn/easy-rsa/
. ./vars
./revoke-full NOMEUTENTE


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
From the guide:
http://openvpn.net/easyrsa.html

BUILD AND SIGN A CERTIFICATE SIGNING REQUEST USING A
LOCALLY INSTALLED ROOT CERTIFICATE/KEY -- this
script generates and signs a certificate in one step,
but it requires that the generated certificate and
private key files be copied to the destination host
over a secure channel.
1. ./build-key mycert (no password protection)
2. OR ./build-key-pass mycert (with password protection)
3. OR ./build-key-pkcs12 mycert (PKCS #12 format)
4. OR ./build-key-server mycert (with nsCertType=server)
5. mycert.crt and mycert.key will be built in your
KEY_DIR directory, and mycert.crt will be signed
by your root CA. If ./build-key-pkcs12 was used a
mycert.p12 file will also be created including the
private key, certificate and the ca certificate.



!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
From the guide:
http://openvpn.net/howto.html#pki

Generate certificates & keys for 3 clients

Generating client certificates is very similar to the previous step. On Linux/BSD/Unix:

./build-key client1
./build-key client2
./build-key client3

On Windows:

build-key client1
build-key client2
build-key client3

If you would like to password-protect your client keys, substitute the build-key-pass script.

Remember that for each client, make sure to type the appropriate Common Name when prompted, i.e. "client1", "client2", or "client3". Always use a unique common name for each client.
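
A check that can follow the create and revoke steps above (an added example, not part of the original post or of the OpenVPN guides): it reads the OpenSSL CA database that easy-rsa keeps as index.txt in KEY_DIR and reports whether every certificate issued for a Common Name is revoked, and which Common Names have more than one valid certificate. The function names and the sample database are constructed for illustration; the index.txt location assumes the default easy-rsa layout.

```sh
#!/bin/sh
# Added example. index.txt is the OpenSSL CA database; easy-rsa keeps it in
# KEY_DIR (assumed default layout). Tab-separated fields:
#   1 status (V valid, R revoked, E expired)  2 expiry  3 revocation date
#   4 serial  5 file name  6 subject DN

# cn_status INDEX CN: print "<status> <serial>" for each certificate whose
# CN is exactly CN (so "client1" does not match "client10").
cn_status() {
    awk -F '\t' -v cn="$2" '{
        n = split($6, part, "/")
        for (i = 1; i <= n; i++)
            if (part[i] == "CN=" cn) print $1, $4
    }' "$1"
}

# is_revoked INDEX CN: 0 if every certificate issued for CN is revoked,
# 1 if at least one is not, 2 if CN was never issued.
is_revoked() {
    out=$(cn_status "$1" "$2")
    [ -n "$out" ] || return 2
    ! printf '%s\n' "$out" | grep -qv '^R '
}

# duplicate_cns INDEX: print every CN that has more than one valid certificate.
duplicate_cns() {
    awk -F '\t' '$1 == "V" {
        n = split($6, part, "/")
        for (i = 1; i <= n; i++)
            if (part[i] ~ /^CN=/) seen[substr(part[i], 4)]++
    }
    END { for (c in seen) if (seen[c] > 1) print c }' "$1" | sort
}

# Constructed sample database (not from a real CA): client1 revoked,
# client2 issued twice and still valid, client3 valid.
sample_index() {
    printf 'V\t180120101500Z\t\t01\tunknown\t/C=IT/O=Example/CN=server\n'
    printf 'R\t180120101600Z\t080123093000Z\t02\tunknown\t/C=IT/O=Example/CN=client1\n'
    printf 'V\t180120101700Z\t\t03\tunknown\t/C=IT/O=Example/CN=client2\n'
    printf 'V\t180121101700Z\t\t04\tunknown\t/C=IT/O=Example/CN=client2\n'
    printf 'V\t180121101800Z\t\t05\tunknown\t/C=IT/O=Example/CN=client3\n'
}
```

After `. ./vars` and `./revoke-full NOMEUTENTE`, calling `is_revoked "$KEY_DIR/index.txt" NOMEUTENTE` should return 0.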
