How to create easy-rsa key for non-existing client at OpenVPN Server
1. Connect your OPENVPN Server via ssh.
2. Change your directory to easy-rsa directory, mine is: “/usr/share/doc/openvpn/examples/easy-rsa/2.0/
3. Run the commands below for to create a new rsa key of “Cihan Dogan”:
#. ./vars #./build-key cihan.dogan
4. You will see the informations below, give your answers to the corresponding questions like below:
Generating a 1024 bit RSA private key
…………++++++
……………++++++
writing new private key to ‘cihan.dogan.key’
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [US]:TR
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:ISTANBUL
Organization Name (eg, company) [Fort-Funston]:TRISTIT
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) [cihan.dogan]:
Name []:
Email Address [me@myhost.mydomain]:cihan.dogan@tristit.com
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/share/doc/openvpn/examples/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName :PRINTABLE:’TR’
stateOrProvinceName :PRINTABLE:’CA’
localityName :PRINTABLE:’ISTANBUL’
organizationName :PRINTABLE:’TRISTIT’
commonName :PRINTABLE:’cihan.dogan’
emailAddress :IA5STRING:’cihan.dogan@tristit.com’
Certificate is to be certified until May 29 16:55:57 2019 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
5. Now you just created your easy-rsa keys for Cihan Dogan. Default directory of the key is: “/usr/share/doc/openvpn/examples/easy-rsa/2.0/keys”
6. So change your directory to “/usr/share/doc/openvpn/examples/easy-rsa/2.0/keys” and see what you created for Cihan Dogan:
#cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys
tunel:/usr/share/doc/openvpn/examples/easy-rsa/2.0/keys#ls -al
7. So as you see, you have “cihan.dogan.key”, “cihan.dogan.csr”, “cihan.dogan.crt” under the keys directory. Just rename “cihan.dogan.crt” to “client.crt” and “cihan.dogan.key” to “client.key”, and send them to your client via secure way for to allow his connection.
Remark1: Do not forget to send “ca.crt” file also to your client. Because he will need this file also for to connect your openvpn server.
Remark2: You have to define a unique compensation to the variable “Common Name”. Otherwise the client’s connection can interrupt in a while.
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Hi Garyk,
Actually i was started to work on A.D. integration of OpenVPN, but because of my incapacitated time, could not finish. When it is done, i will post it.
best article I read about this yet!