> On Sunday, January 7th, 2024 at 1:27 AM, Gert Doering <g...@greenie.muc.de> wrote:


> Hi,
> 
> On Sat, Jan 06, 2024 at 06:48:55AM +0000, Peter Davis via Openvpn-users wrote:
> 
> > Now I want to create another server and when I use the command "./easyrsa 
> > init-pki", then the following message is displayed:
> > 
> > # ./easyrsa init-pki
> 
> 
> "create a server", what does that mean?
> 
> - create a PKI (a certificate management server)?
> - create a server certificate for an OpenVPN server?
> 
> If you want to create a server cert, do not ask easy-rsa to create a
> new PKI (and destroy the existing one).
> 
> gert
> 
> --
> "If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never doubted
> it myself till I met a computer with a sense of humor."
> Robert A. Heinlein, The Moon is a Harsh Mistress
> 
> Gert Doering - Munich, Germany g...@greenie.muc.de


Hello,
Thank you so much for your reply.
To build the first server I did the following steps:

# cd /etc/openvpn/easy-rsa
# mv vars.example vars
# nano vars

export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="NY"
export KEY_ORG="GreatCoder"
export KEY_EMAIL="ad...@greatcoder.xyz"
export KEY_OU="OpenVPN"


I saved and closed the file. Then:

# ./easyrsa init-pki
# ./easyrsa build-ca nopass
# ./easyrsa gen-req GreatCoder_Server nopass               
# ./easyrsa sign-req server GreatCoder_Server

Building a Diffie-Hellman key exchange:

# ./easyrsa --keysize=4096 gen-dh                        
# openvpn --genkey secret ta.key

Finally:

# cp ta.key /etc/openvpn/server
# cp pki/ca.crt /etc/openvpn/server
# cp pki/private/GreatCoder_Server.key /etc/openvpn/server
# cp pki/issued/GreatCoder_Server.crt /etc/openvpn/server
# cp pki/dh.pem /etc/openvpn/server/


As you can see, I have moved the files to /etc/openvpn/server directory. Now if 
I ignore the warning message above, what is the risk?


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
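An added example, not part of the thread and not easy-rsa's own code: a pre-flight check that reports whether an easy-rsa directory already holds a CA, archives it, and prints which of the commands from the post are needed for another server certificate. It assumes the easy-rsa 3 layout (`pki/ca.crt`, `pki/private/ca.key`, `pki/issued/*.crt`); the function names and the server name passed in are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed layout: <dir>/pki/ca.crt, <dir>/pki/private/ca.key,
# <dir>/pki/issued/*.crt. Nothing here modifies the PKI.

# Print the state of the PKI under easy-rsa directory $1.
pki_state() {
    pki="$1/pki"
    if [ ! -d "$pki" ]; then
        echo "none"
        return 0
    fi
    # Count certificates that re-initialising the PKI would orphan.
    issued=$(find "$pki/issued" -name '*.crt' 2>/dev/null | wc -l | tr -d ' ')
    if [ -f "$pki/ca.crt" ] && [ -f "$pki/private/ca.key" ]; then
        echo "ca-present issued=$issued"
    else
        echo "no-ca issued=$issued"
    fi
}

# Archive <dir>/pki into $2, readable by the owner only; print the archive path.
backup_pki() {
    out="$2/pki-backup-$(date +%Y%m%d%H%M%S).tar.gz"
    ( umask 077 && tar -czf "$out" -C "$1" pki ) || return 1
    echo "$out"
}

# Print the commands needed to issue a server certificate named $2 from
# easy-rsa directory $1. With a CA already present, init-pki is left out.
plan_new_server() {
    case "$(pki_state "$1")" in
        ca-present*)
            ;;
        no-ca*)
            echo "./easyrsa build-ca nopass"
            ;;
        *)
            echo "./easyrsa init-pki"
            echo "./easyrsa build-ca nopass"
            ;;
    esac
    echo "./easyrsa gen-req $2 nopass"
    echo "./easyrsa sign-req server $2"
}
```

Sourced into a root shell, `plan_new_server /etc/openvpn/easy-rsa <name>` prints only the `gen-req` and `sign-req` lines when the existing CA is found.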