1. `mkdir keys && sudo chown <php username> keys`
1. Access /init.php to create the necessary files.
(This script is idempotent and won't re-do anything, so you can leave it in place afterwards)
-1. `./build-ca`
-1. `./build-key <name>` to test
-1. `./build-key-server <name>` to create server keys
+1. `sudo -u <php username> ./build-key <name>` to test
+1. `sudo -u <php username> ./build-key-server <name>` to create server keys
+ There is also `./revoke-full <name>` if you should need to revoke a key.
To start fresh: `rm -rf easy-rsa/keys`
</tls-auth>
<ca>
+$(cat easy-rsa/keys/rootca.crt)
$(cat easy-rsa/keys/ca.crt)
</ca>
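Review bot: Adding `rootca.crt` to the inline `<ca>` block makes the root a trust anchor for every provisioned client, so a certificate issued under that root by any other intermediate could validate as the VPN server unless the profile also pins the peer. The rest of the template is outside this hunk; confirm it carries a server check such as `remote-cert-tls server` or `verify-x509-name`, and note the reason for the root in a comment next to the new line. Separately, `$(cat easy-rsa/keys/rootca.crt)` expands to nothing if the file is missing, so the profile would be written with an incomplete chain. A guard before the template is emitted, e.g. `[ -r easy-rsa/keys/rootca.crt ] || exit 1`, would make that failure visible.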
--- /dev/null
+unique_subject = no
export KEY_NAME=""
# revoke key and generate a new CRL
- $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
+ if [ -f "$1.crt" ]; then
+ crtname="$1.crt"
+ elif [ -f "$1.pem" ]; then
+ crtname="$1.pem"
+ else
+ echo "That certificate doesn't exist ($1.crt or $1.pem)"
+ exit
+ fi
+ $OPENSSL ca -revoke "$crtname" -config "$KEY_CONFIG"
# generate a new CRL -- try to be compatible with
# intermediate PKIs
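Review bot: The bare `exit` in the new not-found branch returns the status of the preceding `echo`, which is 0, so a wrapper or operator scripting revocations sees success although nothing was revoked. Use `exit 1` and send the message to stderr: `echo "That certificate doesn't exist ($1.crt or $1.pem)" >&2`. As far as the visible lines show, the status of `$OPENSSL ca -revoke "$crtname" -config "$KEY_CONFIG"` is also not checked before the CRL is regenerated. That predates this change, but a failed revoke should stop the script rather than fall through to the verify step. The enclosing `if` starts and ends outside this hunk.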
fi
# verify the revocation
- $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
+ $OPENSSL verify -CAfile "$RT" -crl_check "$crtname"
else
echo 'Please source the vars script first (i.e. "source ./vars")'
echo 'Make sure you have edited it to reflect your configuration.'
+if not exist "C:\Program Files\OpenVPN\config-auto\vpnprov.ovpn" del "C:\Program Files\OpenVPN\config-auto\*.ovpn" "C:\Program Files\OpenVPN\config\*.ovpn"\r
+\r
mkdir "C:\Program Files\OpenVPN\config-auto"\r
-curl -u : --negotiate -o "C:\Program Files\OpenVPN\config-auto\vpnprov-%COMPUTERNAME%.ovpn" "https://example.com/vpn-prov/create.php"\r
+curl -u : --negotiate -o "C:\Program Files\OpenVPN\config-auto\vpnprov.ovpn" "https://example.com/vpn-prov/create.php"\r
\r
start /wait msiexec /i \\server\share\OpenVPN-2.6.6-I001-amd64.msi /quiet /qn /norestart /log c:\windows\temp\openvpn.msi.log ADDLOCAL=OpenVPN.Service,Drivers.OvpnDco,OpenVPN,Drivers,Drivers.TAPWindows6,Drivers.Wintun\r
\r
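Review bot: The rewritten `curl` line has no `--fail`, so an HTTP error body from create.php (failed Negotiate authentication, server error) is saved as `vpnprov.ovpn` in `config-auto`, the directory the OpenVPN service loads profiles from. Fail closed instead: `curl --fail -u : --negotiate -o "C:\Program Files\OpenVPN\config-auto\vpnprov.ovpn" "https://example.com/vpn-prov/create.php" || exit /b 1`. The added `if not exist … del` line also removes every `*.ovpn` in both `config` and `config-auto` whenever `vpnprov.ovpn` is absent, including profiles this script did not create. If the intent is only to clear the old per-host files, narrowing the pattern to `vpnprov-*.ovpn` would presumably be enough. The script may continue past the last visible line.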