I am somewhat new to OpenVPN and couldn't find the answer to this question. I setup a test OpenVPN server on Ubuntu server 16.04 using the excellent guide on digitalocean.com. After working through some problems with differences in the .ovpn file for the iOS client vs the Mac Viscosity client, every thing is working. I now want to move to a production server. I see a lot of explanations on moving the server by copying /etc/openvpn files, but I want to move the EasyRSA PKI to another machine for future certificate management, possibly on an encrypted disk partition or disk image.
The guide I followed used make-cadir to create a a ~/openvpn-ca directory which has pointers to the scripts in /usr/share/easy-rsa. So, how do I move the existing PKI to another machine? Do I just copy ~/openvpn-ca/* and ~/client-configs/* to the new machine? Are there any pointers in config files that need to be changed? What if I don't have it under the home directory (~) but on another encrypted mounted volume which will be under /Volumes?
Any help is greatly appreciated.
Move EasyRSA PKI to Different Computer
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Nov 23, 2016 3:59 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Move EasyRSA PKI to Different Computer
This Forum does not provide support for nor review 3rd party tutorials.
Please see the official documentation:
Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients
https://community.openvpn.net/openvpn/wiki/EasyRSA
Please see the official documentation:
Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients
https://community.openvpn.net/openvpn/wiki/EasyRSA
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Nov 23, 2016 3:59 pm
Re: Move EasyRSA PKI to Different Computer
Sorry I wasn't entirely clear in my post. I am not looking for support for any tutorial. I have read the documentation. Let me re-phrase my question in a more generic way:
Has anyone converted or migrated a CA/PKI from Easy-RSA 2 to Easy-RSA 3? Any suggestions on the method would be appreciated.
Has anyone converted or migrated a CA/PKI from Easy-RSA 2 to Easy-RSA 3? Any suggestions on the method would be appreciated.