non interactive key generation - windows ver

OpenVPN tutorials ranging from configuration to hacks to compilation will be posted here.
Post Reply
User avatar
maikcat
Forum Team
Posts: 4202
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

non interactive key generation - windows ver

Post by maikcat » Thu Feb 10, 2011 10:33 am

Personaly i preffer linux for generating certficates,
one reason is the non interactive mode for generating certificates which
can be accomplished by simply editing and removing the --interactive statement
found inside the build-key script.

Because the same functionality cannot be found in windows i decided to search it over...

here is my workaround:

1) edit the build-key.bat

original form

@echo off
cd %HOME%
rem build a request for a cert that will be valid for ten years
openssl req -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem sign the cert request with our ca, creating a cert/key pair
openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem delete any .old files created in this process, to avoid future file creation errors
del /q %KEY_DIR%\*.old


after changes

@echo off
SET KEY_CN=%1
cd %HOME%
rem build a request for a cert that will be valid for ten years
openssl req -batch -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem sign the cert request with our ca, creating a cert/key pair
openssl ca -batch -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem delete any .old files created in this process, to avoid future file creation errors
del /q %KEY_DIR%\*.old

basically i added the -batch statement to both openssl commands and also set KEY_CN value on start of the script

2) edit openssl.cnf file

and add this at line 131

commonName_default = $ENV::KEY_CN

this is above line
commonName = Common Name (eg, your name or your server\'s hostname)

now you can create certificates non-interactively under windows...


Hope it helps someone.

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"

nash
OpenVpn Newbie
Posts: 8
Joined: Sat Feb 26, 2011 4:06 am

Re: non interactive key generation - windows ver

Post by nash » Thu Mar 03, 2011 8:00 am

Nice !!

hi007007
OpenVpn Newbie
Posts: 4
Joined: Mon Jun 06, 2011 9:18 pm

Re: non interactive key generation - windows ver

Post by hi007007 » Tue Jun 07, 2011 6:07 pm

Hey can please help me to work same thing into linux. Thanks.

User avatar
maikcat
Forum Team
Posts: 4202
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: non interactive key generation - windows ver

Post by maikcat » Wed Jun 08, 2011 6:53 am

hi there,

in linux things are more easy,

simply edit build-key script and remove --interactive parameter...

cheers,

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"

hi007007
OpenVpn Newbie
Posts: 4
Joined: Mon Jun 06, 2011 9:18 pm

[SOLVED]Re: non interactive key generation - windows ver

Post by hi007007 » Wed Jun 08, 2011 11:32 pm

Thanks for your reply. Its works for me. I really appreciated.

Post Reply