Hej Robert and Marko,
thank you very much for your hints! pkitool was the thing I was looking for!
Have good christmas time!
Boris
Am 23.12.2016 um 23:31 schrieb Mark Berndt:
> Robert & Boris
>
> line 2 exports the variables, so you can override them in memory rather than
> changing the vars file
>
> so to generate a specific key file, just set the variable
> KEY_CN="MARKO-CN"
> pkitool marko
>
> KEY_CN="BORIS-CN"
> pkitool boris
>
> etc
>
> cheers
>
> Marko
>
>
> On Fri, 23 Dec 2016 11:29:57 AM Robert K Coffman Jr. -Info From Data Corp.
> wrote:
>> Boris,
>>
>> Try this. Some of this is specific to my configuration (certificate
>> names) just ignore that stuff. I don't think build-key is used any
>> longer...
>>
>> Typical usage for initial PKI setup.
>>
>> Build Server and client cert/keys.
>> 1. edit /etc/openvpn/vars with your site-specific info.
>> 2. . /etc/easyrsa/vars
>> 3. /usr/sbin/clean-all {THIS IS REQUIRED FOR NEW PKI TO CREATE THE
>> INDEX! DO NOT SKIP!}
>> 4. build-dh
>> 5. pkitool –-initca
>> 6. pkitool --server s_servername (this creates the server cert)
>> 7. (CLIENT FILE BUILDS)
>> a. Modify the vars file to change the common name to be the client
>> common name, i.e. c_servername_client1. Re-run . /etc/easyrsa/vars.
>> VARS must match the parameter you pass it in the next step!
>> b. pkitool c_servername_client1
>> c. change vars back!
>> d. Save changes!
>>
>> On 12/23/2016 10:44 AM, Boris wrote:
>>> Hej all,
>>>
>>>
>>> here's a little issue: My LEAF-box (5.2.4 Rev.1) is missing a build-key
>>> -script to generate openvpn-keys.
>>
>> ----------------------------------------------------------------------------
>> -- Developer Access Program for Intel Xeon Phi Processors
>> Access to Intel Xeon Phi processor-based developer platforms.
>> With one year of Intel Parallel Studio XE.
>> Training and support from Colfax.
>> Order your platform today.http://sdm.link/intel
>> ------------------------------------------------------------------------
>> leaf-user mailing list: leaf-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>> Support Request -- http://leaf-project.org/
>
> ------------------------------------------------------------------------------
> Developer Access Program for Intel Xeon Phi Processors
> Access to Intel Xeon Phi processor-based developer platforms.
> With one year of Intel Parallel Studio XE.
> Training and support from Colfax.
> Order your platform today.http://sdm.link/intel
> ------------------------------------------------------------------------
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
>
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/intel
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
