文章索引
Certfacates and key generation from Linux
Certfacates and key generation from Linux
Install the openvpn package on Ubuntu Server using the following command:
sudo apt-get install openvpn easy-rsa
Make an easy-rsa directory inside /etc/openvpn:
cd /etc/openvpn/ sudo mkdir easy-rsa
Use the following command to copy the default easy-rsa into /etc/openvpn/easy-rsa for setting up Certificate Authority (CA), certificates and keys generation for OpenVPN server and clients:
cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/
Edit /etc/openvpn/easy-rsa/vars:
cd /etc/openvpn/easy-rsa/ vi vars
Edit these parameters according to your need:
export KEY_COUNTRY="US" export KEY_PROVINCE="NC" export KEY_CITY="Winston-Salem" export KEY_ORG="Example Company" export KEY_EMAIL="
该E-mail地址已受到防止垃圾邮件机器人的保护,您必须启用浏览器的Java Script才能看到。
"
Run the clean-all command:
source vars ./clean-all
Now, generate the CA certificate:
./build-ca
Next, generate a server certificate and private key:
./build-key-server mikrotik
Move to the keys directory (/etc/openvpn/easy-rsa/keys):
cd /etc/openvpn/easy-rsa/keys/
Copy the ca certificate, server certificate and key to the mikrotik router:
ncftpput -u admin 10.10.10.1 / ca.crt mikrotik.crt mikrotik.key
VPN client also need a certificate to authenticate itself to the server. Move to the /etc/openvpn/easy-rsa/directory and create the different certificate for each client:
cd /etc/openvpn/easy-rsa/ source vars ./build-key arbabpc
