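# easy-rsa parameter settings
#
# Source this file (". ./vars") before running the easy-rsa scripts; it only
# exports environment variables and prints one reminder line.

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/akb"
export EASY_RSA="$BASE_DIR/easy-rsa"

#
# This variable should point to
# the requested executables
#
# These are bare command names, so they are resolved through PATH of whoever
# sources this file; use absolute paths if that PATH is not trusted.
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"


# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
# Quoted so a path containing spaces survives; a failing helper is reported
# on stderr instead of silently leaving KEY_CONFIG empty.
KEY_CONFIG="$("$EASY_RSA/whichopensslcnf" "$EASY_RSA")" ||
  printf '%s\n' "WARNING: $EASY_RSA/whichopensslcnf failed; KEY_CONFIG may be unusable" >&2
export KEY_CONFIG

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
#
# easy-rsa writes the CA private key and every issued private key below this
# directory, so it should be readable by root only and be part of a protected
# backup.
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"

# Issue rm -rf warning
printf '%s\n' "NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR"

# PKCS11 fixes
# Placeholder values only -- presumably so that references to these variables
# in openssl.cnf resolve when no smart card is used (TODO confirm).
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# RSA key size in bits.  Larger keys slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
# The previous setting (2048) is kept below for reference.
##export KEY_SIZE=2048
export KEY_SIZE=4096

# In how many days should the root CA key expire?
# 11688 days is roughly 32 years.
##export CA_EXPIRE=3650
export CA_EXPIRE=11688

# In how many days should certificates expire?
# 7305 days is roughly 20 years.  With lifetimes this long, a lost or
# compromised client key stays valid until it is revoked, so the CRL has to
# be maintained and enforced on the server (OpenVPN "crl-verify").
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"

# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN AKB"

# PKCS11 Smart Card
# If a real token is used, prefer entering the PIN interactively over storing
# it in this file.
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234

# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
#
# NOTE(review): KEY_CN is exported here, so every certificate issued with
# these settings presumably carries the same Common Name.  The server then
# cannot tell clients apart by CN (per-client configuration, logs) -- confirm
# this is intended.
## export KEY_CN="CommonName"
export KEY_CN="VPN-AKB"

# NOTE(review): presumably consumed by the openssl.cnf in use -- confirm.
export KEY_ALTNAMES="VPN AKB"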