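# easy-rsa parameter settings
#
# This file is meant to be sourced, not executed: it only exports the
# environment variables the easy-rsa scripts read.

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa tree.
# It is derived from the real (symlink-resolved) location of this file.
export EASY_RSA="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"

# These variables should point to
# the requested executables.
# Bare names are resolved through PATH of whoever sources this file.
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"

# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
# Quoted so that an install path containing spaces or glob characters
# is passed to whichopensslcnf as a single argument.
export KEY_CONFIG="$("$EASY_RSA/whichopensslcnf" "$EASY_RSA")"

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
# The directory also receives the generated private keys, so it should
# be readable only by the account that operates the CA.
export KEY_DIR="$EASY_RSA/keys"

# PKCS11 placeholders.
# A real token PIN written here would be readable by anyone who can read
# this file and is inherited through the environment by every child process.
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
# NOTE(review): the key-size export this comment refers to (KEY_SIZE in
# stock easy-rsa 2.x) is not visible in this listing -- confirm it is set.
# 1024-bit RSA/DH is below current minimum recommendations; 2048 is the
# usual floor today.

# In how many days should the root CA key expire?
# NOTE(review): no CA expiry export is visible in this listing -- confirm.

# In how many days should certificates expire?
# 3650 days is roughly ten years: a server key that leaks stays
# trusted that long unless its certificate is revoked.
export KEY_EXPIRE_SERVER=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
# NOTE(review): KEY_PROVINCE is blank, which contradicts the rule above.
export KEY_PROVINCE=""
#export KEY_OU="" #XXX set by script

export KEY_NAME="VPN-Prov"

# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234

# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# With a shared Common Name, per-client configuration and log attribution
# keyed on the CN no longer distinguish one client from another.
#export KEY_CN="CommonName" # set by script, otherwise should be set by hand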