Saturday, August 18, 2018

VPN - generate a new user key


This is just a quick note to remember how to generate a user key for OpenVPN.


This operation needs to be done every time we want to add a user certificate.
In theory it is better to have a separate certificate for each user.
Here are the steps to generate the keys. The procedure needs to be repeated for each user.
The final goal is an .ovpn file to send to the user, together with the password used.
  • be sure to be logged in as admin (or use sudo)
  • sudo -s
  • cd /etc/openvpn/easy-rsa
  • ./build-key-pass <username>
  • cd keys
  • openssl rsa -in <username>.key -des3 -out <username>.3des.key
  • ./MakeOVPN.sh

A simpler way is to use this script (named gencert.sh and placed in /home/pi) that runs the whole sequence. Be sure to call the script via sudo:

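#!/bin/bash
#
# The script needs one input and must be run as root (via sudo):
# - the name of the certificate (username)
if [ -z "$1" ]; then
    echo "usage: sudo $0 <username>" >&2
    exit 1
fi
echo "----------------- Generate client certificates --------"
echo "-- username : $1"
cd /etc/openvpn/easy-rsa || exit 1
# Load the easy-rsa environment variables
source vars
# Create the user's key and certificate; the key is protected by a passphrase
./build-key-pass "$1" || exit 1
cd keys || exit 1
# Write a 3DES-encrypted copy of the private key
openssl rsa -in "$1.key" -des3 -out "$1.3des.key" || exit 1
# Build the .ovpn file
./MakeOVPN.sh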
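
A check that can be run around the sequence above, as an added example that is not part of the original post or of gencert.sh: it rejects usernames that are unsafe to use as file names in a script run as root, and confirms that `<username>.3des.key` is passphrase-protected before anything is sent out. The function names are hypothetical; the detection relies on the PEM markers OpenSSL writes for encrypted keys (`Proc-Type: 4,ENCRYPTED` in the traditional format, `BEGIN ENCRYPTED PRIVATE KEY` for PKCS#8).

```shell
#!/bin/sh
# Added example: hypothetical helper functions, not part of gencert.sh.

KEYS_DIR=/etc/openvpn/easy-rsa/keys   # keys directory used on this page

# Accept only names that are safe as a file name: no path separators,
# no shell metacharacters, no leading '-' or '.', at most 64 characters.
valid_username() {
    case $1 in
        ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Returns 0 = passphrase-protected key, 1 = plaintext key,
#         2 = file unreadable or no private key found.
key_is_encrypted() {
    [ -r "$1" ] || return 2
    # Unencrypted PKCS#8 key
    if grep -q -e '-----BEGIN PRIVATE KEY-----' "$1"; then return 1; fi
    # Encrypted PKCS#8 key
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then return 0; fi
    # Traditional RSA key: encrypted only if the Proc-Type header is present
    if grep -q -e '-----BEGIN RSA PRIVATE KEY-----' "$1"; then
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then return 0; fi
        return 1
    fi
    return 2
}

# check_user_key <username> [keys-dir]; returns 3 for a rejected username,
# otherwise the result of key_is_encrypted on <username>.3des.key.
check_user_key() {
    dir=${2:-$KEYS_DIR}
    if ! valid_username "$1"; then
        echo "invalid username: $1" >&2
        return 3
    fi
    rc=0
    key_is_encrypted "$dir/$1.3des.key" || rc=$?
    case $rc in
        0) echo "$1.3des.key is passphrase-protected" ;;
        1) echo "$1.3des.key is NOT encrypted" >&2 ;;
        *) echo "$1.3des.key is missing or holds no private key" >&2 ;;
    esac
    return $rc
}
```

Source the file and call `check_user_key <username>` as root after gencert.sh finishes; a non-zero return means the key should not be distributed.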
