Generate key and Certificate automatically ?

Post by nash » Wed Mar 02, 2011 8:16 am

I want to deploy the OpenVPN server to many PCs, and I want to use a different server key and certificate on each server. When I generate a key+cert I have to manually interact with the console, entering the information, answering confirmation questions, that sort of thing.

Is there a way to generate the key and cert automatically by using a script or something, without human involvement?
I intend to use the same CA for every server but a different server key and cert. And the authentication method that I use is user/pass only, so the client cert is not a concern.

Regards

Post by maikcat » Wed Mar 02, 2011 8:41 am

hi there,

please take a look here:

topic7620.html


cheers,

michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"

Post by Bebop » Wed Mar 02, 2011 8:45 am

[Edit] You want to deploy many servers. I mistook your intention for something else. The following code may still be of some use.

If Linux, here's the code for generating keys. As for anything else you need to do.. all the command line tools are in /etc/openvpn/easy-rsa/2.0

Code:

#!/bin/bash
#
# $1 holds the command-line argument.
# Pass a unique server name here.
#
server_name=$1

#
# If no argument was given, exit.
#
if [ -z "$server_name" ]; then
    echo "Usage: $0 servername"
    exit 1
fi

#
# Change to the working directory; stop if it is missing.
#
cd /etc/openvpn/easy-rsa/2.0 || exit 1

#
# Generate a new key in this dir unless one already exists.
#
if [ ! -e "./keys/$server_name.key" ]; then
    echo "Generating keys..."
    . ./vars
    ./pkitool "$server_name"
    echo "...keys generated [1]."
fi

That will generate a .key and .crt.

It was designed for generating client keys and crts. Not sure if it will work for server keys and crts too.
The cure for boredom is curiosity

Post by janjust » Wed Mar 02, 2011 9:19 am

To follow up on Bebop's post: run

Code:

pkitool --help

to see the list of available options. It's perfectly well possible to generate a server cert on the fly:

Code:

pkitool --server "$server_name"

etc. However, auto-generating certificates _IS_ a security risk: how will you prevent abuse/misuse?
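
Added example, not part of any post in this thread: one way to script the `pkitool --server` call discussed above with basic guards against misuse (name validation, no re-issuing of an existing key, owner-only permissions on new keys). It assumes the CA in the easy-rsa 2.0 directory has already been initialised; `EASY_RSA_DIR`, `valid_name` and `issue_server_cert` are names chosen for this example.

```bash
#!/bin/bash
# Added example, not from the thread: unattended server-cert issuance with
# easy-rsa 2.0's pkitool, with guards around the automation.
# The default path is the one named in the thread; EASY_RSA_DIR is an
# assumed override so the script can be pointed at another copy.
EASY_RSA_DIR="${EASY_RSA_DIR:-/etc/openvpn/easy-rsa/2.0}"
export LC_ALL=C   # make the character ranges below byte-exact

# Accept only host-style names (max 64 chars, leading alphanumeric, then
# letters, digits, '.', '_' or '-'). This rejects option-like input such
# as "--initca" and path input such as "../ca".
valid_name() {
    case "$1" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# issue_server_cert NAME
# Returns 0 = issued, 2 = name rejected, 3 = key/cert already exists,
# 4 = easy-rsa directory, vars or pkitool failed.
issue_server_cert() (
    name=$1
    valid_name "$name" || { echo "rejected name: $name" >&2; exit 2; }
    cd "$EASY_RSA_DIR" || exit 4
    # Never overwrite or silently re-issue an existing identity.
    if [ -e "keys/$name.key" ] || [ -e "keys/$name.crt" ]; then
        echo "refusing to re-issue: $name" >&2
        exit 3
    fi
    umask 077                      # new private key readable by owner only
    . ./vars >/dev/null || exit 4  # load the CA settings
    ./pkitool --server "$name" || exit 4
)

# One certificate per command-line argument; stop at the first failure.
for name in "$@"; do
    issue_server_cert "$name" || exit $?
done
```

Run it as the account that owns the CA directory, passing the server names as arguments; a non-zero exit status identifies which guard stopped the run.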

Post by nash » Wed Mar 02, 2011 9:37 am

A lot of useful information. Thank you guys very much :D
