Certificate generation
This recipe will demonstrate how to create and sign a certificate request using plain openssl commands. This is slightly different from using the easy-rsa scripts, but very instructive.
Getting ready
Set up the easy-rsa certificate environment using the first recipe from Chapter 2, Client-server IP-only Networks, by sourcing the vars file. This recipe was performed on a computer running Fedora 12 Linux but it can easily be run on Windows or MacOS.
How to do it...
Before we can use plain openssl commands to generate and sign a request, there are a few environment variables that need to be set. These variables are not set in the vars file by default.
Add the missing environment variables:
$ cd /etc/openvpn/cookbook $ . ./vars $ export KEY_CN=dummy $ export KEY_OU=dummy $ export KEY_NAME=dummy $ export OPENSSL_CONF=/etc/openvpn/cookbook/openssl.cnf
Note that the
openssl.cnffile is part of the easy-rsa distribution and should already...
