ac397a39 JR |
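# vim: ft=bash
# easy-rsa parameter settings
#
# This file relies on BASH_SOURCE, so it has to be read by bash. It only
# exports variables; the scripts that consume them are not part of this file.

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree. It is derived from the symlink-resolved
# location of this file.
# Assignment and export are split so that a failing readlink is not hidden
# behind the exit status of 'export'.
EASY_RSA="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
export EASY_RSA

# If readlink fails, dirname turns the empty result into ".", and KEY_DIR
# below would silently become the relative path "./keys". clean-all runs
# rm -rf on KEY_DIR, so stop here unless the base directory is absolute.
case "$EASY_RSA" in
  /*) ;;
  *)
    echo "vars: could not resolve the easy-rsa directory (got '$EASY_RSA')" >&2
    # 'return' works when this file is sourced; fall back to 'exit' otherwise.
    return 1 2>/dev/null || exit 1
    ;;
esac

#
# This variable should point to
# the requested executables
#
# These are bare command names, so they are resolved through the caller's PATH.
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"


# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
# Both the helper path and its argument are quoted so that an install
# directory containing spaces or glob characters is passed through intact.
# If the helper is missing or fails, KEY_CONFIG ends up empty.
KEY_CONFIG="$("$EASY_RSA/whichopensslcnf" "$EASY_RSA")"
export KEY_CONFIG

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"

# PKCS11 fixes
# Placeholder values -- presumably present so that references to these
# variables resolve when no smart card is in use; confirm against openssl.cnf.
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# Key size. The stock advice was to raise
# this to 2048; it is already 2048 here.
# Larger values slow down TLS negotiation
# performance as well as the one-time DH
# parms generation process.
export KEY_SIZE=2048

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
# KEY_EXPIRE_SERVER is presumably the lifetime used for server certificates --
# confirm against the script that reads it.
export KEY_EXPIRE=90
export KEY_EXPIRE_SERVER=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
# NOTE(review): PROVINCE, CITY, ORG and EMAIL are empty in this copy, which
# contradicts the line above. Fill them in, or confirm that the calling
# script sets them the way it does for KEY_OU.
export KEY_COUNTRY="US"
export KEY_PROVINCE=""
export KEY_CITY=""
export KEY_ORG=""
export KEY_EMAIL=""
#export KEY_OU="" #XXX set by script

# X509 Subject Field
export KEY_NAME="VPN-Prov"

# PKCS11 Smart Card
# Anything exported here is inherited by every process started from this
# shell and sits in this file in clear text, so avoid persisting a real PIN.
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234

# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# With one shared Common Name the server can no longer tell clients apart by CN.
#export KEY_CN="CommonName" # set by script, otherwise should be set by hand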