summaryrefslogtreecommitdiff
path: root/easy-rsa/Windows/README.txt
blob: 2ede7b1b55ef39e19d5cc3de1f7825e33e7730a8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
Extract all zip'd files to the OpenVPN home directory,
including the openssl.cnf file from the top-level
"easy-rsa" directory.

First run init-config.bat

Next, edit vars.bat to adapt it to your environment, and
create the directory that will hold your key files.

To generate TLS keys:

Create new empty index and serial files (once only)
1. vars
2. clean-all

Build a CA key (once only)
1. vars
2. build-ca

Build a DH file (for server side, once only)
1. vars
2. build-dh

Build a private key/certficate for the openvpn server
1. vars
2. build-key-server <machine-name>

Build key files in PEM format (for each client machine)
1. vars
2. build-key <machine-name>
   (use <machine name> for specific name within script)

or

Build key files in PKCS #12 format (for each client machine)
1. vars
2. build-key-pkcs12 <machine-name>
   (use <machine name> for specific name within script)

To revoke a TLS certificate and generate a CRL file:
1. vars
2. revoke-full <machine-name>
3. verify last line of output confirms revokation
4. copy crl.pem to server directory and ensure config file uses "crl-verify <crl filename>"