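# easy-rsa parameter settings
#
# Every setting below is exported so that programs started afterwards from
# the same shell can read it. No shell options are changed here, so nothing
# leaks into the caller's session beyond the exported variables.

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree. It is taken from the current
# working directory, so load this file
# from inside the easy-rsa directory.
export EASY_RSA="$(pwd)"

#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"


# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
# Both the helper path and its argument are quoted so that an easy-rsa
# directory whose path contains spaces or glob characters is passed intact.
export KEY_CONFIG="$("$EASY_RSA/whichopensslcnf" "$EASY_RSA")"

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"

# Issue rm -rf warning
# (quoted so the path is printed exactly as it will be used)
echo "NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR"

# Key size in bits. The previous value of 1024 is below what is
# considered adequate today for RSA keys and DH parameters, so the
# default is now 2048. A larger size slows down TLS negotiation and
# the one-time DH parameter generation.
# Changing this does not upgrade keys or DH parameters that already
# exist; those have to be regenerated.
export KEY_SIZE=2048

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
# NOTE(review): 3650 days is roughly ten years. A shorter lifetime for
# client/server certificates limits how long a stolen key stays usable;
# the value is left unchanged here.
export KEY_EXPIRE=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="VA"
export KEY_CITY="Chantilly"
# NOTE(review): KEY_ORG is blank, which contradicts the rule above.
# Set it before building the CA; the check at the end of this file
# prints a warning until it is filled in.
export KEY_ORG=""
export KEY_EMAIL=openvpn@uwejacobs.com
export KEY_CN=CN
export KEY_NAME=Uwe
export KEY_OU=OU

# PKCS11 settings.
# These were previously exported twice ("dummy", then the values below);
# only the final values are kept, so the resulting environment is the same.
# The values look like placeholders. Do not put a real token PIN in this
# file: it is stored in plain text and, once exported, is inherited by
# every process started from this shell.
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234

# Warn (on stderr, without aborting the calling shell) when a certificate
# field that must not be blank is empty.
if [ -z "$KEY_COUNTRY" ] || [ -z "$KEY_PROVINCE" ] || [ -z "$KEY_CITY" ] ||
   [ -z "$KEY_ORG" ] || [ -z "$KEY_EMAIL" ]; then
  echo "WARNING: one or more KEY_* certificate fields are blank; set them before building certificates" >&2
fi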