Diffstat (limited to 'easy-rsa/Windows')
-rw-r--r--easy-rsa/Windows/README.txt44
-rw-r--r--easy-rsa/Windows/build-ca-pass.bat8
-rw-r--r--easy-rsa/Windows/build-ca.bat4
-rw-r--r--easy-rsa/Windows/build-dh.bat4
-rw-r--r--easy-rsa/Windows/build-key-pass.bat8
-rw-r--r--easy-rsa/Windows/build-key-pkcs12.bat10
-rw-r--r--easy-rsa/Windows/build-key-server-pass.bat8
-rw-r--r--easy-rsa/Windows/build-key-server.bat8
-rw-r--r--easy-rsa/Windows/build-key.bat8
-rw-r--r--easy-rsa/Windows/clean-all.bat13
-rw-r--r--easy-rsa/Windows/index.txt.start0
-rwxr-xr-xeasy-rsa/Windows/init-config.bat1
-rw-r--r--easy-rsa/Windows/revoke-full.bat13
-rw-r--r--easy-rsa/Windows/serial.start1
-rw-r--r--easy-rsa/Windows/vars.bat.sample40
15 files changed, 0 insertions, 170 deletions
diff --git a/easy-rsa/Windows/README.txt b/easy-rsa/Windows/README.txt
deleted file mode 100644
index 2ede7b1..0000000
--- a/easy-rsa/Windows/README.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-Extract all zip'd files to the OpenVPN home directory,
-including the openssl.cnf file from the top-level
-"easy-rsa" directory.
-
-First run init-config.bat
-
-Next, edit vars.bat to adapt it to your environment, and
-create the directory that will hold your key files.
-
-To generate TLS keys:
-
-Create new empty index and serial files (once only)
-1. vars
-2. clean-all
-
-Build a CA key (once only)
-1. vars
-2. build-ca
-
-Build a DH file (for server side, once only)
-1. vars
-2. build-dh
-
-Build a private key/certficate for the openvpn server
-1. vars
-2. build-key-server <machine-name>
-
-Build key files in PEM format (for each client machine)
-1. vars
-2. build-key <machine-name>
- (use <machine name> for specific name within script)
-
-or
-
-Build key files in PKCS #12 format (for each client machine)
-1. vars
-2. build-key-pkcs12 <machine-name>
- (use <machine name> for specific name within script)
-
-To revoke a TLS certificate and generate a CRL file:
-1. vars
-2. revoke-full <machine-name>
-3. verify last line of output confirms revokation
-4. copy crl.pem to server directory and ensure config file uses "crl-verify <crl filename>"
diff --git a/easy-rsa/Windows/build-ca-pass.bat b/easy-rsa/Windows/build-ca-pass.bat
deleted file mode 100644
index ab0b2a4..0000000
--- a/easy-rsa/Windows/build-ca-pass.bat
+++ /dev/null
@@ -1,8 +0,0 @@
-@echo off
-cd %HOME%
-rem build a request for a cert that will be valid for ten years
-openssl req -days 3650 -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem sign the cert request with our ca, creating a cert/key pair
-openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem delete any .old files created in this process, to avoid future file creation errors
-del /q %KEY_DIR%\*.old
diff --git a/easy-rsa/Windows/build-ca.bat b/easy-rsa/Windows/build-ca.bat
deleted file mode 100644
index a3f234b..0000000
--- a/easy-rsa/Windows/build-ca.bat
+++ /dev/null
@@ -1,4 +0,0 @@
-@echo off
-cd %HOME%
-rem build a cert authority valid for ten years, starting now
-openssl req -days 3650 -nodes -new -x509 -keyout %KEY_DIR%\ca.key -out %KEY_DIR%\ca.crt -config %KEY_CONFIG%
diff --git a/easy-rsa/Windows/build-dh.bat b/easy-rsa/Windows/build-dh.bat
deleted file mode 100644
index 74bc603..0000000
--- a/easy-rsa/Windows/build-dh.bat
+++ /dev/null
@@ -1,4 +0,0 @@
-@echo off
-cd %HOME%
-rem build a dh file for the server side
-openssl dhparam -out %KEY_DIR%/dh%KEY_SIZE%.pem %KEY_SIZE%
diff --git a/easy-rsa/Windows/build-key-pass.bat b/easy-rsa/Windows/build-key-pass.bat
deleted file mode 100644
index ab0b2a4..0000000
--- a/easy-rsa/Windows/build-key-pass.bat
+++ /dev/null
@@ -1,8 +0,0 @@
-@echo off
-cd %HOME%
-rem build a request for a cert that will be valid for ten years
-openssl req -days 3650 -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem sign the cert request with our ca, creating a cert/key pair
-openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem delete any .old files created in this process, to avoid future file creation errors
-del /q %KEY_DIR%\*.old
diff --git a/easy-rsa/Windows/build-key-pkcs12.bat b/easy-rsa/Windows/build-key-pkcs12.bat
deleted file mode 100644
index 1fc083e..0000000
--- a/easy-rsa/Windows/build-key-pkcs12.bat
+++ /dev/null
@@ -1,10 +0,0 @@
-@echo off
-cd %HOME%
-rem build a request for a cert that will be valid for ten years
-openssl req -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem sign the cert request with our ca, creating a cert/key pair
-openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem convert the key/cert and embed the ca cert into a pkcs12 file.
-openssl pkcs12 -export -inkey %KEY_DIR%\%1.key -in %KEY_DIR%\%1.crt -certfile %KEY_DIR%\ca.crt -out %KEY_DIR%\%1.p12
-rem delete any .old files created in this process, to avoid future file creation errors
-del /q %KEY_DIR%\*.old
diff --git a/easy-rsa/Windows/build-key-server-pass.bat b/easy-rsa/Windows/build-key-server-pass.bat
deleted file mode 100644
index 99ed4d3..0000000
--- a/easy-rsa/Windows/build-key-server-pass.bat
+++ /dev/null
@@ -1,8 +0,0 @@
-@echo off
-cd %HOME%
-rem build a request for a cert that will be valid for ten years
-openssl req -days 3650 -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem sign the cert request with our ca, creating a cert/key pair
-openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -extensions server -config %KEY_CONFIG%
-rem delete any .old files created in this process, to avoid future file creation errors
-del /q %KEY_DIR%\*.old
diff --git a/easy-rsa/Windows/build-key-server.bat b/easy-rsa/Windows/build-key-server.bat
deleted file mode 100644
index 20e3605..0000000
--- a/easy-rsa/Windows/build-key-server.bat
+++ /dev/null
@@ -1,8 +0,0 @@
-@echo off
-cd %HOME%
-rem build a request for a cert that will be valid for ten years
-openssl req -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem sign the cert request with our ca, creating a cert/key pair
-openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -extensions server -config %KEY_CONFIG%
-rem delete any .old files created in this process, to avoid future file creation errors
-del /q %KEY_DIR%\*.old
diff --git a/easy-rsa/Windows/build-key.bat b/easy-rsa/Windows/build-key.bat
deleted file mode 100644
index c040904..0000000
--- a/easy-rsa/Windows/build-key.bat
+++ /dev/null
@@ -1,8 +0,0 @@
-@echo off
-cd %HOME%
-rem build a request for a cert that will be valid for ten years
-openssl req -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem sign the cert request with our ca, creating a cert/key pair
-openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
-rem delete any .old files created in this process, to avoid future file creation errors
-del /q %KEY_DIR%\*.old
diff --git a/easy-rsa/Windows/clean-all.bat b/easy-rsa/Windows/clean-all.bat
deleted file mode 100644
index 71cbf4d..0000000
--- a/easy-rsa/Windows/clean-all.bat
+++ /dev/null
@@ -1,13 +0,0 @@
-@echo off
-rem move to the HOME directory specified in VARS script
-cd %HOME%
-rem set a temporary KEY_DIR variable
-set d=%KEY_DIR%
-rem delete the KEY_DIR and any subdirs quietly
-rmdir /s /q %d%
-rem make a new KEY_DIR
-mkdir %d%
-rem copy in a fesh index file so we begin with an empty database
-copy index.txt.start %d%\index.txt
-rem copy in a fresh serial file so we begin generating keys at index 01
-copy serial.start %d%\serial.
diff --git a/easy-rsa/Windows/index.txt.start b/easy-rsa/Windows/index.txt.start
deleted file mode 100644
index e69de29..0000000
--- a/easy-rsa/Windows/index.txt.start
+++ /dev/null
diff --git a/easy-rsa/Windows/init-config.bat b/easy-rsa/Windows/init-config.bat
deleted file mode 100755
index 12e6d78..0000000
--- a/easy-rsa/Windows/init-config.bat
+++ /dev/null
@@ -1 +0,0 @@
-copy vars.bat.sample vars.bat
diff --git a/easy-rsa/Windows/revoke-full.bat b/easy-rsa/Windows/revoke-full.bat
deleted file mode 100644
index ef2e4b5..0000000
--- a/easy-rsa/Windows/revoke-full.bat
+++ /dev/null
@@ -1,13 +0,0 @@
-@echo off
-cd %HOME%
-rem revoke cert
-openssl ca -revoke %KEY_DIR%\%1.crt -config %KEY_CONFIG%
-rem generate new crl
-openssl ca -gencrl -out %KEY_DIR%\crl.pem -config %KEY_CONFIG%
-rem test revocation
-rem first concatinate ca cert with newly generated crl
-copy %KEY_DIR%\ca.crt+%KEY_DIR%\crl.pem %KEY_DIR%\revoke_test_file.pem
-rem now verify the revocation
-openssl verify -CAfile %KEY_DIR%\revoke_test_file.pem -crl_check %KEY_DIR%\%1.crt
-rem delete temporary test file
-del /q %KEY_DIR%\revoke_test_file.pem
diff --git a/easy-rsa/Windows/serial.start b/easy-rsa/Windows/serial.start
deleted file mode 100644
index 8a0f05e..0000000
--- a/easy-rsa/Windows/serial.start
+++ /dev/null
@@ -1 +0,0 @@
-01
diff --git a/easy-rsa/Windows/vars.bat.sample b/easy-rsa/Windows/vars.bat.sample
deleted file mode 100644
index 36e6f71..0000000
--- a/easy-rsa/Windows/vars.bat.sample
+++ /dev/null
@@ -1,40 +0,0 @@
-@echo off
-rem Edit this variable to point to
-rem the openssl.cnf file included
-rem with easy-rsa.
-
-set HOME=%ProgramFiles%\OpenVPN\easy-rsa
-set KEY_CONFIG=openssl-1.0.0.cnf
-
-rem Edit this variable to point to
-rem your soon-to-be-created key
-rem directory.
-rem
-rem WARNING: clean-all will do
-rem a rm -rf on this directory
-rem so make sure you define
-rem it correctly!
-set KEY_DIR=keys
-
-rem Increase this to 2048 if you
-rem are paranoid. This will slow
-rem down TLS negotiation performance
-rem as well as the one-time DH parms
-rem generation process.
-set KEY_SIZE=1024
-
-rem These are the default values for fields
-rem which will be placed in the certificate.
-rem Change these to reflect your site.
-rem Don't leave any of these parms blank.
-
-set KEY_COUNTRY=US
-set KEY_PROVINCE=CA
-set KEY_CITY=SanFrancisco
-set KEY_ORG=OpenVPN
-set KEY_EMAIL=mail@host.domain
-set KEY_CN=changeme
-set KEY_NAME=changeme
-set KEY_OU=changeme
-set PKCS11_MODULE_PATH=changeme
-set PKCS11_PIN=1234