Old October 29th, 2006, 09:15 AM     #3 (permalink)
GroundZero3
 
CREATE KEYS FOR THE SERVER AND THE CLIENTS

Change to the directory /usr/share/doc/openvpn/examples/easy-rsa/2.0

vi vars and change
export KEY_COUNTRY=" "
export KEY_PROVINCE=""
export KEY_CITY=" "
export KEY_ORG=""
export KEY_EMAIL=""

to whatever you want.

gzip -d pkitool.gz

Type the commands
. ./vars
./clean-all
./build-ca

You will be asked the questions you filled in up top.

./build-key-server server

You will have to answer the same questions as above. It will ask you for a password; I suggest you don’t put in a password when it asks.

Click yes to sign the certificate.

Now to build the client files.

Type ./build-key client1

Once again you will need to answer the questions above. I still don’t recommend putting in a password, as it has caused problems when I have tried.

Next you will want to type ./build-dh

All the files you just generated are located in /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys

If you do a list command in the keys folder you should have something like:

01.pem ca.key client1.key index.txt.attr serial server.csr
02.pem client1.crt dh1024.pem index.txt.attr.old serial.old server.key
ca.crt client1.csr index.txt index.txt.old server.crt

Now you have to be careful with these files. Files such as ca.key (THIS IS THE MOST IMPORTANT FILE TO PROTECT), server.key and client1.key are the ones that really need to be protected. That said, all files should be protected, but those I just listed are the ones you don’t want to leave lying around.

Copy the files ca.crt, ca.key, dh1024.pem, server.crt, and server.key to /etc/openvpn/keys:

cp ca.key ca.crt dh1024.pem server.key server.crt /etc/openvpn/keys/

We will worry about the client files after we configure the client config file.

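Added example, not part of the original post: a shell check for the server's /etc/openvpn/keys directory that flags any private key with group or other permission bits set, and flags ca.key if it is present there, since the CA key is only used to sign certificates and the running OpenVPN server does not read it. The function name audit_keys and the finding labels are made up for this example, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit the key directory produced by the steps in the post.
# Assumptions: GNU coreutils `stat -c`; file names as in the post's listing.
# Usage: audit_keys /etc/openvpn/keys

# Prints one finding per line. Returns 0 if clean, 1 if anything was flagged.
audit_keys() {
    dir=$1
    findings=0

    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue          # glob matched nothing
        mode=$(stat -c '%a' "$f")
        # Private keys should carry no group/other bits (e.g. 600 or 400).
        case $mode in
            0|*00) ;;
            *) echo "LOOSE_MODE $mode $(basename "$f")"; findings=1 ;;
        esac
    done

    # ca.key can sign new server and client certificates. The VPN daemon
    # only needs ca.crt, so a CA key next to server.key is worth moving
    # to offline or separately protected storage.
    if [ -e "$dir/ca.key" ] && [ -e "$dir/server.key" ]; then
        echo "CA_KEY_ON_SERVER ca.key"
        findings=1
    fi

    return $findings
}
```

A typical fix for a LOOSE_MODE finding is chmod 600 on the listed file.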