KEY Generation

Support forum for Easy-RSA certificate management suite.
Post Reply
bdm
OpenVpn Newbie
Posts: 7
Joined: Tue Jun 13, 2017 9:37 pm

KEY Generation

Post by bdm » Tue Jun 13, 2017 9:44 pm

I've been using OpenVPN as a Docker for a year with great success. I've recently upgraded my Router to a D-Link DSR-500 that has a built in OpenVPN server / Client.

I've started to work on the Open VPN Server configuration and have hit a problem I've not been able to resolve. Generating DH Keys

In my docker I was able to go to SSLForFree.net and create the certs necessary to get openvpn up and running. Seems the version that on my new firewall requires several different files to be uploaded.

Trusted Certificate (CA Certificate) - Got it
Server / Client Certificate - Got it
Server / Client Key - Got it

DH Key - Need it
Tis Authentication Key - Need it
CRL Certificate - Need it

So I'm asking can someone guide as to how to create these files?

Thanks

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2810
Joined: Fri Jun 03, 2016 1:17 pm

Re: KEY Generation

Post by TinCanTech » Tue Jun 13, 2017 9:59 pm


bdm
OpenVpn Newbie
Posts: 7
Joined: Tue Jun 13, 2017 9:37 pm

Re: KEY Generation

Post by bdm » Tue Jun 13, 2017 10:15 pm

From the readme file that appears to be on the right path, but, even though it says it comes with the windows exe files the bat doesn't work. Is the only way to do this to spin up a unix / linux client?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2810
Joined: Fri Jun 03, 2016 1:17 pm

Re: KEY Generation

Post by TinCanTech » Tue Jun 13, 2017 10:38 pm

Look closer .. :ugeek:

bdm
OpenVpn Newbie
Posts: 7
Joined: Tue Jun 13, 2017 9:37 pm

Re: KEY Generation

Post by bdm » Tue Jun 13, 2017 10:51 pm

TinCanTech wrote:Look closer .. :ugeek:
Very help full.. I've read both readme, found openssl run that still nada.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2810
Joined: Fri Jun 03, 2016 1:17 pm

Re: KEY Generation

Post by TinCanTech » Tue Jun 13, 2017 11:23 pm

Everything you need for either windows or linux is on the end of those links.

bdm
OpenVpn Newbie
Posts: 7
Joined: Tue Jun 13, 2017 9:37 pm

Re: KEY Generation

Post by bdm » Tue Jun 13, 2017 11:29 pm

I've gotten everything but the Tis key created... See no windows command to create it. If you'd like to point me to the command that would be wonderful.

Most of my reading says to use 2048-bit keys or higher, Im my test run of making the keys seems the default is 1024, is there a command to change that? have not found that in my reading.

thx

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2810
Joined: Fri Jun 03, 2016 1:17 pm

Re: KEY Generation

Post by TinCanTech » Tue Jun 13, 2017 11:42 pm

bdm wrote:I've gotten everything but the Tis key created
You mean TLS key ..

See hardening here

bdm
OpenVpn Newbie
Posts: 7
Joined: Tue Jun 13, 2017 9:37 pm

Re: KEY Generation

Post by bdm » Tue Jun 13, 2017 11:59 pm

TinCanTech wrote:
bdm wrote:I've gotten everything but the Tis key created
You mean TLS key ..

See hardening here
Your replys were very prompt, but did not shine much light on the issues. Thanks for the time, but I'm not looking for 500 pages of information to read through.

All of the documentation you've linked to I've read over, searched, and picked through for the specific questions I had. Then finding none I came to a community support form only to be directed back to the same documentation I had used to answered my questions to begin with.

If anyone knows the command to switch the windows cert / key process to 2048 bit that would be greatly appreciated.
If anyone knows the windows command to create the Tls cert that would be appreciated.

Heres what i have so far..

init-config
vars
clean-all
build-ca
build-key-server server
build-key client1
build-dh



I've tried this but haven't gotten the key to generate as of yet. openvpn --genkey --secret ta.key

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2810
Joined: Fri Jun 03, 2016 1:17 pm

Re: KEY Generation

Post by TinCanTech » Wed Jun 14, 2017 12:15 am

bdm wrote:Your replys were very prompt, but did not shine much light on the issues. Thanks for the time, but I'm not looking for 500 pages of information to read through.

All of the documentation you've linked to I've read over, searched, and picked through for the specific questions I had. Then finding none I came to a community support form only to be directed back to the same documentation I had used to answered my questions to begin with.
You appear to be doing fine .. so I'll just carry on ..
bdm wrote:If anyone knows the command to switch the windows cert / key process to 2048 bit that would be greatly appreciated
See README.txt in .\easy-rsa
bdm wrote:I've tried this but haven't gotten the key to generate as of yet. openvpn --genkey --secret ta.key
What error message did you get ?

bdm
OpenVpn Newbie
Posts: 7
Joined: Tue Jun 13, 2017 9:37 pm

Re: KEY Generation

Post by bdm » Wed Jun 14, 2017 12:26 am

I have the ta issue fixed.. thx to another user

the readme has nothing in it about changing encryption levels that I've seen, and I've looked over both read me files several times.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2810
Joined: Fri Jun 03, 2016 1:17 pm

Re: KEY Generation

Post by TinCanTech » Wed Jun 14, 2017 1:47 am

It is clearly documented.

Post Reply