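# easy-rsa parameter settings
#
# This file only assigns and exports variables. The exports reach the
# easy-rsa scripts only when the file is sourced into the calling shell
# (not executed), so it carries no shebang and sets no shell options.

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/gw-ckubu"
export EASY_RSA="$BASE_DIR/easy-rsa"

#
# This variable should point to
# the requested executables
#
# These are bare command names, so they are looked up through the PATH of
# the shell that sources this file; when that shell runs as root, PATH
# should list trusted directories only.
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"

# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
# The helper and its argument are quoted so that a tree path containing
# whitespace is still passed as one word. 'export' hides the helper's exit
# status, so a missing helper leaves KEY_CONFIG empty without stopping here.
export KEY_CONFIG="$("$EASY_RSA/whichopensslcnf" "$EASY_RSA")"

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
#
# This is the key directory: restrict access to it to the CA operator.
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"

# Issue rm -rf warning
echo "NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR"

# PKCS11 fixes
# NOTE(review): these look like placeholders that only keep the variables
# defined -- confirm. A real token PIN should not be stored in this file:
# an exported value is inherited by every child process.
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# RSA key size in bits. The stock value (2048) is kept commented out
# below; this setup uses 4096. A larger size slows down TLS negotiation
# performance as well as the one-time DH parms generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096

# In how many days should the root CA key expire?
# 11688 days is roughly 32 years.
##export CA_EXPIRE=3650
export CA_EXPIRE=11688

# In how many days should certificates expire?
# 7305 days is roughly 20 years. With a lifetime this long, expiry will
# not retire a lost or compromised key in any useful time frame, so
# revocation has to do that job: verify that the OpenVPN server checks a
# CRL (crl-verify) and that the CRL is regenerated after each revocation.
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.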
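# Subject field defaults for issued certificates. The stock easy-rsa
# values are kept as '##' comments above each override.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"

# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN ANW-URB"

# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234

# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
#
# NOTE(review): KEY_CN is set here, so the shared Common Name is in effect.
# With one CN for every certificate, the server cannot tell clients apart
# by CN (per-client settings keyed on the CN, attribution in logs) --
# confirm that this is intended for this VPN.
## export KEY_CN="CommonName"
export KEY_CN="VPN-ANW-URB"

# NOTE(review): presumably read by the openssl.cnf that KEY_CONFIG selects
# (subjectAltName) -- confirm the expected value format against that file.
export KEY_ALTNAMES="VPN-ANW-URB"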