misc updates

diff --git a/README.md b/README.md
index ec436254b025a6a1fd7e2421c80f6260f92d1d01..aa40217d0d6be26d46f1ee3f28f10d93d6018632 100644 (file)
--- a/README.md
+++ b/README.md
@@ -8,9 +8,9 @@
 1. `mkdir keys && sudo chown <php username> keys`
 1. Access /init.php to create the necessary files.  
    (This script is idempotent and won't re-do anything, so you can leave it in place afterwards)
-1. `./build-ca`
-1. `./build-key <name>` to test
-1. `./build-key-server <name>` to create server keys
+1. `sudo -u <php username> ./build-key <name>` to test
+1. `sudo -u <php username> ./build-key-server <name>` to create server keys
+   There is also `./revoke-full <name>` if you should need to revoke a key.
 
 To start fresh: `rm -rf easy-rsa/keys`
 

diff --git a/create-cert.sh b/create-cert.sh
index 9adb2c8c814e5305ceb986647bf292d569b8e4b3..072f0618fe15c65984c39614aa2816e69b9965ca 100755 (executable)
--- a/create-cert.sh
+++ b/create-cert.sh
@@ -17,6 +17,7 @@ $(cat ta.key)
 </tls-auth>
 
 <ca>
+$(cat easy-rsa/keys/rootca.crt)
 $(cat easy-rsa/keys/ca.crt)
 </ca>
 

diff --git a/easy-rsa/keys/index.txt.attr b/easy-rsa/keys/index.txt.attr
new file mode 100644 (file)
index 0000000..3a7e39e
--- /dev/null
+++ b/easy-rsa/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = no

diff --git a/easy-rsa/revoke-full b/easy-rsa/revoke-full
index 439f6a032f009ee29f0ae9e888b2af1d11a4f814..d3514e4f56e23596f527b6ae5825f2b3f1435d1b 100755 (executable)
--- a/easy-rsa/revoke-full
+++ b/easy-rsa/revoke-full
@@ -21,7 +21,15 @@ if [ "$KEY_DIR" ]; then
     export KEY_NAME=""
 
     # revoke key and generate a new CRL
-    $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
+    if [ -f "$1.crt" ]; then
+        crtname="$1.crt"
+    elif [ -f "$1.pem" ]; then
+        crtname="$1.pem"
+    else
+        echo "That certificate doesn't exist ($1.crt or $1.pem)"
+        exit
+    fi
+    $OPENSSL ca -revoke "$crtname" -config "$KEY_CONFIG"
 
     # generate a new CRL -- try to be compatible with
     # intermediate PKIs
@@ -33,7 +41,7 @@ if [ "$KEY_DIR" ]; then
     fi
 
     # verify the revocation
-    $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
+    $OPENSSL verify -CAfile "$RT" -crl_check "$crtname"
 else
     echo 'Please source the vars script first (i.e. "source ./vars")'
     echo 'Make sure you have edited it to reflect your configuration.'

diff --git a/gpresult.html b/gpresult.html
index ad6f1a13a1a0c87b331b382bbb9275a30667f983..c1cdc318b5892e1cdce224c0c1844be5d9e2fd12 100755 (executable)
Binary files a/gpresult.html and b/gpresult.html differ

diff --git a/install-openvpn.bat b/install-openvpn.bat
index 2ba9883f8b4d23c2ab158d02d9ec7ecb0f12c828..ac385bbdb4a33010ec89407d484c0880b51cb67e 100755 (executable)
--- a/install-openvpn.bat
+++ b/install-openvpn.bat
@@ -1,5 +1,7 @@
+if not exist "C:\Program Files\OpenVPN\config-auto\vpnprov.ovpn" del "C:\Program Files\OpenVPN\config-auto\*.ovpn" "C:\Program Files\OpenVPN\config\*.ovpn"\r
+\r
 mkdir "C:\Program Files\OpenVPN\config-auto"\r
-curl -u : --negotiate -o "C:\Program Files\OpenVPN\config-auto\vpnprov-%COMPUTERNAME%.ovpn" "https://example.com/vpn-prov/create.php"\r
+curl -u : --negotiate -o "C:\Program Files\OpenVPN\config-auto\vpnprov.ovpn" "https://example.com/vpn-prov/create.php"\r
 \r
 start /wait msiexec /i \\server\share\OpenVPN-2.6.6-I001-amd64.msi /quiet /qn /norestart /log c:\windows\temp\openvpn.msi.log ADDLOCAL=OpenVPN.Service,Drivers.OvpnDco,OpenVPN,Drivers,Drivers.TAPWindows6,Drivers.Wintun\r
 \r