VPN - generate a new user key

This is just a quick way to remember how to generate a user key for openvpn.


This operation need to be done everytime we want to add a user certificate.
In theory better to have a certificate for each user.
Here the steps to generate the keys. For each user this procedure need to be replicated.
The final goal is to have a file .ovpn to be sent to the user with the password used.

• be sure to be logged as admin (or use sudo)
• sudo -s
• cd /etc/openvpn/easy-rsa
• ./build-key-pass <username>
• cd keys
• openssl rsa -in <username>.key -des3 -out <username>.3des.key
• ./MakeOVPN.sh

A simpler way is to use this script (named gencert.sh and placed in /home/pi) that call all the sequence - be sure to call the script via sudo :

#!/bin/bash # # The script needs some inputs and needs to be run in sudo su: # - the name of the certificate (username) echo "----------------- Generate client certificates --------" echo "-- username : $1" cd /etc/openvpn/easy-rsa source vars ./build-key-pass $1 cd keys openssl rsa -in $1.key -des3 -out $1.3des.key ./MakeOVPN.sh