Re: [leaf-user] build-key missing

Fri, 23 Dec 2016 14:49:34 -0800 

Robert & Boris

line 2 exports the variables, so you can override them in memory rather than 
changing the vars file

so to generate a specific key file, just set the variable
KEY_CN="MARKO-CN"
pkitool marko

KEY_CN="BORIS-CN"
pkitool boris

etc

cheers

Marko


On Fri, 23 Dec 2016 11:29:57 AM Robert K Coffman Jr. -Info From Data Corp. 
wrote:
> Boris,
> 
> Try this.  Some of this is specific to my configuration (certificate
> names) just ignore that stuff.  I don't think build-key is used any
> longer...
> 
> Typical usage for initial PKI setup.
> 
> Build Server and client cert/keys.
> 1.    edit /etc/openvpn/vars with your site-specific info.
> 2.    . /etc/easyrsa/vars
> 3.    /usr/sbin/clean-all  {THIS IS REQUIRED FOR NEW PKI TO CREATE THE
> INDEX! DO NOT SKIP!}
> 4.    build-dh
> 5.    pkitool –-initca
> 6.    pkitool --server s_servername (this creates the server cert)
> 7.    (CLIENT FILE BUILDS)
> a.    Modify the vars file to change the common name to be the client
> common name, i.e. c_servername_client1.  Re-run . /etc/easyrsa/vars.
> VARS must match the parameter you pass it in the next step!
> b.    pkitool c_servername_client1
> c.    change vars back!
> d.    Save changes!
> 
> On 12/23/2016 10:44 AM, Boris wrote:
> > Hej all,
> > 
> > 
> > here's a little issue: My LEAF-box (5.2.4 Rev.1) is missing a build-key
> > -script to generate openvpn-keys.
> 
> ----------------------------------------------------------------------------
> -- Developer Access Program for Intel Xeon Phi Processors
> Access to Intel Xeon Phi processor-based developer platforms.
> With one year of Intel Parallel Studio XE.
> Training and support from Colfax.
> Order your platform today.http://sdm.link/intel
> ------------------------------------------------------------------------
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/intel
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Reply via email to