< Previous | Contents | Next >
1.2.1. Certificate Authority Setup
To setup your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients first copy the easy-rsa directory to /etc/openvpn. This will ensure that any changes to the scripts will not be lost when the package is updated. From a terminal change to user root and:
mkdir /etc/openvpn/easy-rsa/
cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/
Next, edit /etc/openvpn/easy-rsa/vars adjusting the following to your environment:
export KEY_COUNTRY="US" export KEY_PROVINCE="NC"
export KEY_CITY="Winston-Salem" export KEY_ORG="Example Company" export KEY_EMAIL="steve@example.com" export KEY_CN=MyVPN
export KEY_ALTNAMES=AltMyVPN export KEY_NAME=MyVPN
export KEY_OU=MyVPN
Enter the following to generate the master Certificate Authority (CA) certificate and key:
cd /etc/openvpn/easy-rsa/ source vars
./clean-all
./build-ca