In the past, I had always followed these instructions: https://openvpn.net/index.php/open-sour ... ml#install
But now it seems I can't do server and client certificate generation on the same machine, e.g. with the command build-key client1?
1. Choose a system to act as your CA and create a new PKI and CA:

    ./easyrsa init-pki
    ./easyrsa build-ca

2. On the system that is requesting a certificate, init its own PKI and generate a keypair/request. Note that the init-pki is used only when this is done on a separate system (or at least a separate PKI dir.) This is the recommended procedure. If you are not using this recommended procedure, skip the next import-req step as well.

    ./easyrsa init-pki
    ./easyrsa gen-req EntityName

3. Transport the request (.req file) to the CA system and import it. The name given here is arbitrary and only used to name the request file.

    ./easyrsa import-req /tmp/path/to/import.req EntityName

4. Sign the request as the correct type. This example uses a client type:

    ./easyrsa sign-req client EntityName

5. Transport the newly signed certificate to the requesting entity. This entity may also need the CA cert (ca.crt) unless it had a prior copy. The entity now has its own keypair, and signed cert, and the CA.