Page 1 of 1
Generate key and Certificate automatically ?
Posted: Wed Mar 02, 2011 8:16 am
by nash
I want to deploy the OpenVPN server to many PC, and I want to use the different Server key and certificate on each server. When I generate a key+cert I have to manually interact with the console, putting the information, answer to confirmation question, sort of that.
Is there a way to generate key and cert automatically by using a script or something with out human involve?
I design to use the same ca for every server but different server key and cert. And the authentication method that I use is user/pass only so the client cert is not concerned.
Regards
Re: Generate key and Certificate automatically ?
Posted: Wed Mar 02, 2011 8:41 am
by maikcat
hi there,
please take a look here:
topic7620.html
cheers,
michael.
Re: Generate key and Certificate automatically ?
Posted: Wed Mar 02, 2011 8:45 am
by Bebop
[Edit] You want to deploy many servers. I mistook your intention for something else. The following code may still be of some use.
If Linux, here's the code for generating keys. As for anything else you need to do.. all the command line tools are in /etc/openvpn/easy-rsa/2.0
Code: Select all
#!/bin/bash
#
#$1 hold the cmd line argument
#A unique server name is what you should pass here
#
server_name=$1
#
#if no cmd line, exit.
#
if [ x$server_name = x ]; then
echo "Usage: $0 servername"
exit 1
fi
#
#change to the working directory
#
cd /etc/openvpn/easy-rsa/2.0
#
#generate a new key in this dir
#
if [ ! -e ./keys/$server_name.key ]; then
echo "Generating keys..."
. vars
./pkitool $server_name
echo "...keys generated [1]."
fi
that will generate a .key and .crt.
it was designed for generating client key and crts. Not sure if it will work for server key and crts too.
Re: Generate key and Certificate automatically ?
Posted: Wed Mar 02, 2011 9:19 am
by janjust
to follow up on BeBop's post: run
to see the list of available options. It's perfectly well possible to generate a server cert on the fly:
etc. However, auto-generating certificates _IS_ a security risk : how will you prevent abuse/misuse?
Re: Generate key and Certificate automatically ?
Posted: Wed Mar 02, 2011 9:37 am
by nash
A lot of useful information. Thank you guys very much
