Initial commit
This commit is contained in:
95
Kanzlei-Kiel/openvpn/easy-rsa/vars
Normal file
95
Kanzlei-Kiel/openvpn/easy-rsa/vars
Normal file
@ -0,0 +1,95 @@
|
||||
# easy-rsa parameter settings
|
||||
|
||||
# NOTE: If you installed from an RPM,
|
||||
# don't edit this file in place in
|
||||
# /usr/share/openvpn/easy-rsa --
|
||||
# instead, you should copy the whole
|
||||
# easy-rsa directory to another location
|
||||
# (such as /etc/openvpn) so that your
|
||||
# edits will not be wiped out by a future
|
||||
# OpenVPN package upgrade.
|
||||
|
||||
# This variable should point to
|
||||
# the top level of the easy-rsa
|
||||
# tree.
|
||||
##export EASY_RSA="`pwd`"
|
||||
export BASE_DIR="/etc/openvpn"
|
||||
export EASY_RSA="$BASE_DIR/easy-rsa"
|
||||
|
||||
#
|
||||
# This variable should point to
|
||||
# the requested executables
|
||||
#
|
||||
export OPENSSL="openssl"
|
||||
export PKCS11TOOL="pkcs11-tool"
|
||||
export GREP="grep"
|
||||
|
||||
|
||||
# This variable should point to
|
||||
# the openssl.cnf file included
|
||||
# with easy-rsa.
|
||||
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
|
||||
|
||||
# Edit this variable to point to
|
||||
# your soon-to-be-created key
|
||||
# directory.
|
||||
#
|
||||
# WARNING: clean-all will do
|
||||
# a rm -rf on this directory
|
||||
# so make sure you define
|
||||
# it correctly!
|
||||
##export KEY_DIR="$EASY_RSA/keys"
|
||||
export KEY_DIR="$BASE_DIR/keys"
|
||||
|
||||
# Issue rm -rf warning
|
||||
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
|
||||
|
||||
# PKCS11 fixes
|
||||
export PKCS11_MODULE_PATH="dummy"
|
||||
export PKCS11_PIN="dummy"
|
||||
|
||||
# Increase this to 2048 if you
|
||||
# are paranoid. This will slow
|
||||
# down TLS negotiation performance
|
||||
# as well as the one-time DH parms
|
||||
# generation process.
|
||||
export KEY_SIZE=2048
|
||||
|
||||
# In how many days should the root CA key expire?
|
||||
##export CA_EXPIRE=3650
|
||||
export CA_EXPIRE=11688
|
||||
|
||||
# In how many days should certificates expire?
|
||||
##export KEY_EXPIRE=3650
|
||||
export KEY_EXPIRE=7305
|
||||
|
||||
# These are the default values for fields
|
||||
# which will be placed in the certificate.
|
||||
# Don't leave any of these fields blank.
|
||||
##export KEY_COUNTRY="US"
|
||||
export KEY_COUNTRY="DE"
|
||||
##export KEY_PROVINCE="CA"
|
||||
export KEY_PROVINCE="Berlin"
|
||||
##export KEY_CITY="SanFrancisco"
|
||||
export KEY_CITY="Berlin"
|
||||
##export KEY_ORG="Fort-Funston"
|
||||
export KEY_ORG="O.OPEN"
|
||||
##export KEY_EMAIL="me@myhost.mydomain"
|
||||
export KEY_EMAIL="ckubu-adm@oopen.de"
|
||||
##export KEY_OU="MyOrganizationalUnit"
|
||||
export KEY_OU="Network Services"
|
||||
|
||||
# X509 Subject Field
|
||||
##export KEY_NAME="EasyRSA"
|
||||
export KEY_NAME="VPN Kanzlei Kiel"
|
||||
|
||||
# PKCS11 Smart Card
|
||||
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
|
||||
# export PKCS11_PIN=1234
|
||||
|
||||
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
|
||||
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
|
||||
## export KEY_CN="CommonName"
|
||||
export KEY_CN="VPN-Kanzlei-Kiel"
|
||||
|
||||
export KEY_ALTNAMES="VPN Kanzlei Kiel"
|
||||
Reference in New Issue
Block a user