Hi all
I want to generate some server certificates for my OpenVPN server and I'm using OpenVPN Access Server. This article (http://openvpn.net/index.php/open-sourc ... .html#mitm) talks about using the easy-rsa tools. I found this article (https://help.ubuntu.com/community/OpenVPN#Generating Certificates) which told me where the easy-rsa tools are and how to use them.
I'm not sure where the generated certificates should go, since I'm using OpenVPN-AS instead of just the standard OpenVPN server. OpenVPN-AS installed into /usr/local/openvpn_as/. Should the certificates go into /usr/local/openvpn_as/etc?
Am I right in thinking that OpenVPN AS wraps up the standard OpenVPN server into /usr/local/openvpn_as? So, any configuration documents I read that refer to /etc/openvpn I should perform the same steps but inside /usr/local/openvpn_as?
Many thanks for reading
root@ubuntu:/usr/local/openvpn_as# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 10.04.3 LTS
Release: 10.04
Codename: lucid
Where to place server certificates
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Aug 29, 2011 8:11 pm
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Sep 13, 2011 9:40 pm
Re: Where to place server certificates
Do you already have OpenVPN AS up and running? If so, then I think this is what you want:
http://openvpn.net/index.php/access-ser ... icate.html
If you are trying to setup AS for the first time, I don't think you need to manually generate any certificates and/or keys using easy-rsa.
Just log in to AS client web UI at https://serverip_or_dns_name:web_ui_port/ as the user you want to generate a configuration for. There will be link to download a client.conf file with all the config embedded in it. Use this on the client and you should be able to access the server.
http://openvpn.net/index.php/access-ser ... icate.html
If you are trying to setup AS for the first time, I don't think you need to manually generate any certificates and/or keys using easy-rsa.
Just log in to AS client web UI at https://serverip_or_dns_name:web_ui_port/ as the user you want to generate a configuration for. There will be link to download a client.conf file with all the config embedded in it. Use this on the client and you should be able to access the server.