In the past, I had always followed these instructions: https://openvpn.net/index.php/open-sour ... ml#install
But now it seems I can't generate the server and client certificates on the same machine, e.g. with the command build-key client1?
1. Choose a system to act as your CA and create a new PKI and CA:
./easyrsa init-pki
./easyrsa build-ca
2. On the system that is requesting a certificate, init its own PKI and generate a keypair/request. Note that the init-pki is used only when this is done on a separate system (or at least a separate PKI dir.) This is the recommended procedure. If you are not using this recommended procedure, skip the next import-req step as well.
./easyrsa init-pki
./easyrsa gen-req EntityName
3. Transport the request (.req file) to the CA system and import it. The name given here is arbitrary and only used to name the request file.
./easyrsa import-req /tmp/path/to/import.req EntityName
4. Sign the request as the correct type. This example uses a client type:
./easyrsa sign-req client EntityName
5. Transport the newly signed certificate to the requesting entity. This entity may also need the CA cert (ca.crt) unless it had a prior copy.
The entity now has its own keypair, and signed cert, and the CA.
Thanks!
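The procedure quoted in the post says that the second init-pki and the import-req step apply only when the request is made in a separate PKI directory. The single-directory flow for a server and a client, as an added example that is not part of the original post or of the Easy-RSA project; the function names, the `EASYRSA` variable and the entity names in the comments are assumptions:

```shell
#!/bin/sh
# Added example: Easy-RSA 3 with the CA and the requesting entities sharing
# one PKI directory. Uses steps 1, 2 (without its init-pki) and 4 of the quoted
# procedure; step 3 (import-req) is skipped because the .req is already there.

# Path to the easyrsa script (assumption: it sits in the current directory).
EASYRSA="${EASYRSA:-./easyrsa}"
# Directory the results are checked in; EASYRSA_PKI is Easy-RSA's own
# variable for the PKI location, ./pki being its default.
PKI_DIR="${EASYRSA_PKI:-./pki}"

# Step 1: create the PKI and the CA. Run once.
setup_ca() {
    "$EASYRSA" init-pki || return 1
    "$EASYRSA" build-ca || return 1
}

# issue <server|client> <EntityName>: request and sign inside the CA's PKI.
issue() {
    cert_type="$1"
    name="$2"
    case "$cert_type" in
        server|client) ;;
        *) echo "type must be server or client" >&2; return 2 ;;
    esac
    [ -n "$name" ] || { echo "missing entity name" >&2; return 2; }

    "$EASYRSA" gen-req "$name" || return 1               # step 2, no init-pki
    "$EASYRSA" sign-req "$cert_type" "$name" || return 1 # step 4

    # Files the entity needs afterwards (step 5): CA cert, its cert, its key.
    for f in "$PKI_DIR/ca.crt" \
             "$PKI_DIR/issued/$name.crt" \
             "$PKI_DIR/private/$name.key"; do
        [ -f "$f" ] || { echo "missing $f" >&2; return 1; }
    done
}

# Typical sequence (entity names are placeholders):
#   setup_ca
#   issue server server1
#   issue client client1
```

With this layout the CA private key sits in the same directory as every entity key, which is what the separate-PKI procedure recommended in the quoted text avoids.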