August 9, 2023


Based on the information above, we know that we have to:

1. Create a private key for our own CA
2. Create a certificate for the CA
3. Add this certificate to the “Trusted Root Certification Authorities” store of the clients so that it becomes trusted
4. Create a certificate for our webserver
5. Sign this certificate with our CA (the CA is trusted, so the new certificate becomes trusted as well)
6. Deploy the certificate
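
The key and certificate steps in the list above (CA key, CA certificate, web server certificate, signing) can be carried out with the openssl command line. This is an added example, not part of the original page; demo-ca, www.example.test and all file names are constructed for illustration, and importing ca.crt on the clients and deploying the server certificate are left out.

```sh
#!/bin/sh
# Added example; demo-ca, www.example.test and all file names are constructed.
set -eu

make_ca() {                       # $1 = output directory
    mkdir -p "$1"
    cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # CA private key, created readable only by its owner.
    ( umask 077; openssl genrsa -out "$1/ca.key" 2048 2>/dev/null )
    # Self-signed CA certificate: the file clients import as a trusted root.
    openssl req -x509 -new -config "$1/pki.cnf" -key "$1/ca.key" \
        -sha256 -days 3650 -out "$1/ca.crt"
}

make_server_cert() {              # $1 = CA directory, $2 = server DNS name
    # Web server key and certificate signing request.
    ( umask 077; openssl genrsa -out "$1/server.key" 2048 2>/dev/null )
    openssl req -new -config "$1/pki.cnf" -key "$1/server.key" \
        -subj "/CN=$2" -out "$1/server.csr"
    # The CA signs the request; clients match the host name against the SAN.
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' \
        "$2" > "$1/server.ext"
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$1/server.ext" \
        -out "$1/server.crt" 2>/dev/null
}

chain_ok() {                      # $1 = CA certificate, $2 = certificate to check
    # Exit status 0 when openssl verifies $2 using $1 as a trusted root.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run as "sh pki.sh demo" to build a throwaway PKI and check the chain.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_ca "$d" && make_server_cert "$d" www.example.test
    chain_ok "$d/ca.crt" "$d/server.crt" && echo "chain verifies: $d/server.crt"
fi
```

The same server certificate fails chain_ok against any other CA certificate, even one with the same subject name, because the signature does not match.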

Install OpenVPN

Make sure your package repositories and installed programs are up to date by issuing the following commands:

apt-get update
apt-get upgrade --show-upgraded

Begin by installing the OpenVPN software and the udev dependency with the following command:

apt-get install openvpn udev

The OpenVPN package provides a set of encryption-related tools called "easy-rsa". These scripts are located by default in the /usr/share/doc/openvpn/examples/easy-rsa/ directory. However, in order to function properly, these scripts should be located in the /etc/openvpn directory. Copy these files with the following command:

cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn

Most of the relevant configuration for the OpenVPN public key infrastructure is contained in /etc/openvpn/easy-rsa/2.0/, and much of our configuration will be located in this directory.

Configure Public Key Infrastructure Variables

Before you can generate the public key infrastructure for OpenVPN, you must configure a few variables that the easy-rsa scripts will use to generate the keys and certificates. These variables are set near the end of the /etc/openvpn/easy-rsa/2.0/vars file. Here is an example of the relevant values:


export KEY_CITY="Oxford"
export KEY_ORG="My Organization"
export KEY_EMAIL=""