>On Sunday, January 7th, 2024 at 1:27 AM, Gert Doering <g...@greenie.muc.de> >wrote:
> Hi, > > On Sat, Jan 06, 2024 at 06:48:55AM +0000, Peter Davis via Openvpn-users wrote: > > > Now I want to create another server and when I use the command "./easyrsa > > init-pki", then the following message is displayed: > > > > # ./easyrsa init-pki > > > "create a server", what does that mean? > > - create a PKI (a certificate management server)? > - create a server certificate for an OpenVPN server? > > If you want to create a server cert, do not ask easy-rsa to create a > new PKI (and destroy the existing one). > > gert > > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh Mistress > > Gert Doering - Munich, Germany g...@greenie.muc.de Hello, Thank you so much for your reply. To build the first server I did the following steps: # cd /etc/openvpn/easy-rsa # mv vars.example vars # nano vars export KEY_COUNTRY="US" export KEY_PROVINCE="CA" export KEY_CITY="NY" export KEY_ORG="GreatCoder" export KEY_EMAIL="ad...@greatcoder.xyz" export KEY_OU="OpenVPN" I saved and closed the file. Then: # ./easyrsa init-pki # ./easyrsa build-ca nopass # ./easyrsa gen-req GreatCoder_Server nopass # ./easyrsa sign-req server GreatCoder_Server Building a Diffie-Hellman key exchange: # ./easyrsa --keysize=4096 gen-dh # openvpn --genkey secret ta.key Finally: # cp ta.key /etc/openvpn/server # cp pki/ca.crt /etc/openvpn/server # cp pki/private/GreatCoder_Server.key /etc/openvpn/server # cp pki/issued/GreatCoder_Server.crt /etc/openvpn/server # cp pki/dh.pem /etc/openvpn/server/ As you can see, I have moved the files to /etc/openvpn/server directory. Now if I ignore the warning message above, what is the risk? _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users