#################################
CREARE UN CERTIFICATO:
cd /etc/openvpn/easy-rsa/
. ./vars
./build-key NOMEUTENTE
vi /etc/openvpn/ipp.txt
#################################
REVOCARE UN CERTIFICATO
cd /etc/openvpn/easy-rsa/
. ./vars
./revoke-full NOMEUTENTE
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Dalla guida:
http://openvpn.net/easyrsa.html
BUILD AND SIGN A CERTIFICATE SIGNING REQUEST USING A
LOCALLY INSTALLED ROOT CERTIFICATE/KEY -- this
script generates and signs a certificate in one step,
but it requires that the generated certificate and
private key files be copied to the destination host
over a secure channel.
1. ./build-key mycert (no password protection)
2. OR ./build-key-pass mycert (with password protection)
3. OR ./build-key-pkcs12 mycert (PKCS #12 format)
4. OR ./build-key-server mycert (with nsCertType=server)
5. mycert.crt and mycert.key will be built in your
KEY_DIR directory, and mycert.crt will be signed
by your root CA. If ./build-key-pkcs12 was used a
mycert.p12 file will also be created including the
private key, certificate and the ca certificate.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Dalla guida:
http://openvpn.net/howto.html#pki
Generate certificates & keys for 3 clients
Generating client certificates is very similar to the previous step. On Linux/BSD/Unix:
./build-key client1 ./build-key client2 ./build-key client3
On Windows:
build-key client1 build-key client2 build-key client3
If you would like to password-protect your client keys, substitute the build-key-pass script.
Remember that for each client, make sure to type the appropriate Common Name when prompted, i.e. "client1", "client2", or "client3". Always use a unique common name for each client.
Nessun commento:
Posta un commento