summaryrefslogtreecommitdiff
path: root/src/openvpn/easy-rsa/Windows/README.txt
diff options
context:
space:
mode:
Diffstat (limited to 'src/openvpn/easy-rsa/Windows/README.txt')
-rw-r--r--src/openvpn/easy-rsa/Windows/README.txt44
1 files changed, 44 insertions, 0 deletions
diff --git a/src/openvpn/easy-rsa/Windows/README.txt b/src/openvpn/easy-rsa/Windows/README.txt
new file mode 100644
index 0000000..2ede7b1
--- /dev/null
+++ b/src/openvpn/easy-rsa/Windows/README.txt
@@ -0,0 +1,44 @@
+Extract all zip'd files to the OpenVPN home directory,
+including the openssl.cnf file from the top-level
+"easy-rsa" directory.
+
+First run init-config.bat
+
+Next, edit vars.bat to adapt it to your environment, and
+create the directory that will hold your key files.
+
+To generate TLS keys:
+
+Create new empty index and serial files (once only)
+1. vars
+2. clean-all
+
+Build a CA key (once only)
+1. vars
+2. build-ca
+
+Build a DH file (for server side, once only)
+1. vars
+2. build-dh
+
+Build a private key/certficate for the openvpn server
+1. vars
+2. build-key-server <machine-name>
+
+Build key files in PEM format (for each client machine)
+1. vars
+2. build-key <machine-name>
+ (use <machine name> for specific name within script)
+
+or
+
+Build key files in PKCS #12 format (for each client machine)
+1. vars
+2. build-key-pkcs12 <machine-name>
+ (use <machine name> for specific name within script)
+
+To revoke a TLS certificate and generate a CRL file:
+1. vars
+2. revoke-full <machine-name>
+3. verify last line of output confirms revokation
+4. copy crl.pem to server directory and ensure config file uses "crl-verify <crl filename>"