Diffstat (limited to 'easy-rsa/Windows')
-rw-r--r-- | easy-rsa/Windows/README.txt | 44 | ||||
-rw-r--r-- | easy-rsa/Windows/build-ca-pass.bat | 8 | ||||
-rw-r--r-- | easy-rsa/Windows/build-ca.bat | 4 | ||||
-rw-r--r-- | easy-rsa/Windows/build-dh.bat | 4 | ||||
-rw-r--r-- | easy-rsa/Windows/build-key-pass.bat | 8 | ||||
-rw-r--r-- | easy-rsa/Windows/build-key-pkcs12.bat | 10 | ||||
-rw-r--r-- | easy-rsa/Windows/build-key-server-pass.bat | 8 | ||||
-rw-r--r-- | easy-rsa/Windows/build-key-server.bat | 8 | ||||
-rw-r--r-- | easy-rsa/Windows/build-key.bat | 8 | ||||
-rw-r--r-- | easy-rsa/Windows/clean-all.bat | 13 | ||||
-rw-r--r-- | easy-rsa/Windows/index.txt.start | 0 | ||||
-rwxr-xr-x | easy-rsa/Windows/init-config.bat | 1 | ||||
-rw-r--r-- | easy-rsa/Windows/revoke-full.bat | 13 | ||||
-rw-r--r-- | easy-rsa/Windows/serial.start | 1 | ||||
-rw-r--r-- | easy-rsa/Windows/vars.bat.sample | 40 |
15 files changed, 0 insertions, 170 deletions
diff --git a/easy-rsa/Windows/README.txt b/easy-rsa/Windows/README.txt
deleted file mode 100644
index 2ede7b1..0000000
--- a/easy-rsa/Windows/README.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-Extract all zip'd files to the OpenVPN home directory,
-including the openssl.cnf file from the top-level
-"easy-rsa" directory.
-
-First run init-config.bat
-
-Next, edit vars.bat to adapt it to your environment, and
-create the directory that will hold your key files.
-
-To generate TLS keys:
-
-Create new empty index and serial files (once only)
-1. vars
-2. clean-all
-
-Build a CA key (once only)
-1. vars
-2. build-ca
-
-Build a DH file (for server side, once only)
-1. vars
-2. build-dh
-
-Build a private key/certficate for the openvpn server
-1. vars
-2. build-key-server <machine-name>
-
-Build key files in PEM format (for each client machine)
-1. vars
-2. build-key <machine-name>
- (use <machine name> for specific name within script)
-
-or
-
-Build key files in PKCS #12 format (for each client machine)
-1. vars
-2. build-key-pkcs12 <machine-name>
- (use <machine name> for specific name within script)
-
-To revoke a TLS certificate and generate a CRL file:
-1. vars
-2. revoke-full <machine-name>
-3. verify last line of output confirms revokation
-4. copy crl.pem to server directory and ensure config file uses "crl-verify <crl filename>"
diff --git a/easy-rsa/Windows/build-ca-pass.bat b/easy-rsa/Windows/build-ca-pass.bat
deleted file mode 100644
index ab0b2a4..0000000
--- a/easy-rsa/Windows/build-ca-pass.bat
+++ /dev/null
@@ -1,8 +0,0 @@
-@echo off
-cd %HOME%
-rem build a request for a cert that will be valid for ten years
-openssl req -days 3650 -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem sign the cert request with our ca, creating a cert/key pair
-openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem delete any .old files created in this process, to avoid future file creation errors
-del /q %KEY_DIR%\*.old
diff --git a/easy-rsa/Windows/build-ca.bat b/easy-rsa/Windows/build-ca.bat
deleted file mode 100644
index a3f234b..0000000
--- a/easy-rsa/Windows/build-ca.bat
+++ /dev/null
@@ -1,4 +0,0 @@
-@echo off
-cd %HOME%
-rem build a cert authority valid for ten years, starting now
-openssl req -days 3650 -nodes -new -x509 -keyout %KEY_DIR%\ca.key -out %KEY_DIR%\ca.crt -config %KEY_CONFIG%
diff --git a/easy-rsa/Windows/build-dh.bat b/easy-rsa/Windows/build-dh.bat
deleted file mode 100644
index 74bc603..0000000
--- a/easy-rsa/Windows/build-dh.bat
+++ /dev/null
@@ -1,4 +0,0 @@
-@echo off
-cd %HOME%
-rem build a dh file for the server side
-openssl dhparam -out %KEY_DIR%/dh%KEY_SIZE%.pem %KEY_SIZE%
diff --git a/easy-rsa/Windows/build-key-pass.bat b/easy-rsa/Windows/build-key-pass.bat
deleted file mode 100644
index ab0b2a4..0000000
--- a/easy-rsa/Windows/build-key-pass.bat
+++ /dev/null
@@ -1,8 +0,0 @@
-@echo off
-cd %HOME%
-rem build a request for a cert that will be valid for ten years
-openssl req -days 3650 -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem sign the cert request with our ca, creating a cert/key pair
-openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem delete any .old files created in this process, to avoid future file creation errors
-del /q %KEY_DIR%\*.old
diff --git a/easy-rsa/Windows/build-key-pkcs12.bat b/easy-rsa/Windows/build-key-pkcs12.bat
deleted file mode 100644
index 1fc083e..0000000
--- a/easy-rsa/Windows/build-key-pkcs12.bat
+++ /dev/null
@@ -1,10 +0,0 @@
-@echo off
-cd %HOME%
-rem build a request for a cert that will be valid for ten years
-openssl req -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem sign the cert request with our ca, creating a cert/key pair
-openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem convert the key/cert and embed the ca cert into a pkcs12 file.
-openssl pkcs12 -export -inkey %KEY_DIR%\%1.key -in %KEY_DIR%\%1.crt -certfile %KEY_DIR%\ca.crt -out %KEY_DIR%\%1.p12
-rem delete any .old files created in this process, to avoid future file creation errors
-del /q %KEY_DIR%\*.old
diff --git a/easy-rsa/Windows/build-key-server-pass.bat b/easy-rsa/Windows/build-key-server-pass.bat
deleted file mode 100644
index 99ed4d3..0000000
--- a/easy-rsa/Windows/build-key-server-pass.bat
+++ /dev/null
@@ -1,8 +0,0 @@
-@echo off
-cd %HOME%
-rem build a request for a cert that will be valid for ten years
-openssl req -days 3650 -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem sign the cert request with our ca, creating a cert/key pair
-openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -extensions server -config %KEY_CONFIG%
-rem delete any .old files created in this process, to avoid future file creation errors
-del /q %KEY_DIR%\*.old
diff --git a/easy-rsa/Windows/build-key-server.bat b/easy-rsa/Windows/build-key-server.bat
deleted file mode 100644
index 20e3605..0000000
--- a/easy-rsa/Windows/build-key-server.bat
+++ /dev/null
@@ -1,8 +0,0 @@
-@echo off
-cd %HOME%
-rem build a request for a cert that will be valid for ten years
-openssl req -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem sign the cert request with our ca, creating a cert/key pair
-openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -extensions server -config %KEY_CONFIG%
-rem delete any .old files created in this process, to avoid future file creation errors
-del /q %KEY_DIR%\*.old
diff --git a/easy-rsa/Windows/build-key.bat b/easy-rsa/Windows/build-key.bat
deleted file mode 100644
index c040904..0000000
--- a/easy-rsa/Windows/build-key.bat
+++ /dev/null
@@ -1,8 +0,0 @@
-@echo off
-cd %HOME%
-rem build a request for a cert that will be valid for ten years
-openssl req -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem sign the cert request with our ca, creating a cert/key pair
-openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem delete any .old files created in this process, to avoid future file creation errors
-del /q %KEY_DIR%\*.old
diff --git a/easy-rsa/Windows/clean-all.bat b/easy-rsa/Windows/clean-all.bat
deleted file mode 100644
index 71cbf4d..0000000
--- a/easy-rsa/Windows/clean-all.bat
+++ /dev/null
@@ -1,13 +0,0 @@
-@echo off
-rem move to the HOME directory specified in VARS script
-cd %HOME%
-rem set a temporary KEY_DIR variable
-set d=%KEY_DIR%
-rem delete the KEY_DIR and any subdirs quietly
-rmdir /s /q %d%
-rem make a new KEY_DIR
-mkdir %d%
-rem copy in a fesh index file so we begin with an empty database
-copy index.txt.start %d%\index.txt
-rem copy in a fresh serial file so we begin generating keys at index 01
-copy serial.start %d%\serial.
diff --git a/easy-rsa/Windows/index.txt.start b/easy-rsa/Windows/index.txt.start
deleted file mode 100644
index e69de29..0000000
--- a/easy-rsa/Windows/index.txt.start
+++ /dev/null
diff --git a/easy-rsa/Windows/init-config.bat b/easy-rsa/Windows/init-config.bat
deleted file mode 100755
index 12e6d78..0000000
--- a/easy-rsa/Windows/init-config.bat
+++ /dev/null
@@ -1 +0,0 @@
-copy vars.bat.sample vars.bat
diff --git a/easy-rsa/Windows/revoke-full.bat b/easy-rsa/Windows/revoke-full.bat
deleted file mode 100644
index ef2e4b5..0000000
--- a/easy-rsa/Windows/revoke-full.bat
+++ /dev/null
@@ -1,13 +0,0 @@
-@echo off
-cd %HOME%
-rem revoke cert
-openssl ca -revoke %KEY_DIR%\%1.crt -config %KEY_CONFIG%
-rem generate new crl
-openssl ca -gencrl -out %KEY_DIR%\crl.pem -config %KEY_CONFIG%
-rem test revocation
-rem first concatinate ca cert with newly generated crl
-copy %KEY_DIR%\ca.crt+%KEY_DIR%\crl.pem %KEY_DIR%\revoke_test_file.pem
-rem now verify the revocation
-openssl verify -CAfile %KEY_DIR%\revoke_test_file.pem -crl_check %KEY_DIR%\%1.crt
-rem delete temporary test file
-del /q %KEY_DIR%\revoke_test_file.pem
diff --git a/easy-rsa/Windows/serial.start b/easy-rsa/Windows/serial.start
deleted file mode 100644
index 8a0f05e..0000000
--- a/easy-rsa/Windows/serial.start
+++ /dev/null
@@ -1 +0,0 @@
-01
diff --git a/easy-rsa/Windows/vars.bat.sample b/easy-rsa/Windows/vars.bat.sample
deleted file mode 100644
index 36e6f71..0000000
--- a/easy-rsa/Windows/vars.bat.sample
+++ /dev/null
@@ -1,40 +0,0 @@
-@echo off
-rem Edit this variable to point to
-rem the openssl.cnf file included
-rem with easy-rsa.
-
-set HOME=%ProgramFiles%\OpenVPN\easy-rsa
-set KEY_CONFIG=openssl-1.0.0.cnf
-
-rem Edit this variable to point to
-rem your soon-to-be-created key
-rem directory.
-rem
-rem WARNING: clean-all will do
-rem a rm -rf on this directory
-rem so make sure you define
-rem it correctly!
-set KEY_DIR=keys
-
-rem Increase this to 2048 if you
-rem are paranoid. This will slow
-rem down TLS negotiation performance
-rem as well as the one-time DH parms
-rem generation process.
-set KEY_SIZE=1024
-
-rem These are the default values for fields
-rem which will be placed in the certificate.
-rem Change these to reflect your site.
-rem Don't leave any of these parms blank.
-
-set KEY_COUNTRY=US
-set KEY_PROVINCE=CA
-set KEY_CITY=SanFrancisco
-set KEY_ORG=OpenVPN
-set KEY_EMAIL=mail@host.domain
-set KEY_CN=changeme
-set KEY_NAME=changeme
-set KEY_OU=changeme
-set PKCS11_MODULE_PATH=changeme
-set PKCS11_PIN=1234 |