Blame | Last modification | View Log | RSS feed
# easy-rsa parameter settings# NOTE: If you installed from an RPM,# don't edit this file in place in# /usr/share/openvpn/easy-rsa --# instead, you should copy the whole# easy-rsa directory to another location# (such as /etc/openvpn) so that your# edits will not be wiped out by a future# OpenVPN package upgrade.# This variable should point to# the top level of the easy-rsa# tree.export EASY_RSA="`pwd`"## This variable should point to# the requested executables#export OPENSSL="openssl"export PKCS11TOOL="pkcs11-tool"export GREP="grep"# This variable should point to# the openssl.cnf file included# with easy-rsa.export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`# Edit this variable to point to# your soon-to-be-created key# directory.## WARNING: clean-all will do# a rm -rf on this directory# so make sure you define# it correctly!export KEY_DIR="$EASY_RSA/keys"# Issue rm -rf warningecho NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR# PKCS11 fixesexport PKCS11_MODULE_PATH="dummy"export PKCS11_PIN="dummy"# Increase this to 2048 if you# are paranoid. This will slow# down TLS negotiation performance# as well as the one-time DH parms# generation process.export KEY_SIZE=1024# In how many days should the root CA key expire?export CA_EXPIRE=3650# In how many days should certificates expire?export KEY_EXPIRE=3650# These are the default values for fields# which will be placed in the certificate.# Don't leave any of these fields blank.export KEY_COUNTRY="US"export KEY_PROVINCE="CA"export KEY_CITY="SanFrancisco"export KEY_ORG="Fort-Funston"export KEY_EMAIL="me@myhost.mydomain"export KEY_EMAIL=mail@host.domainexport KEY_CN=changemeexport KEY_NAME=changemeexport KEY_OU=changemeexport PKCS11_MODULE_PATH=changemeexport PKCS11_PIN=1234