Hello,
To build an OpenVPN server I did the following steps:
Code:
# cd /etc/openvpn/easy-rsa
# mv vars.example vars
# nano vars
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="NY"
export KEY_ORG="MyDepartment"
export KEY_EMAIL="admin@example.xyz"
export KEY_OU="OpenVPN"
I saved and closed the file. Then:
Code:
# ./easyrsa init-pki
# ./easyrsa build-ca nopass
# ./easyrsa gen-req MyDepartment_Server nopass
# ./easyrsa sign-req server MyDepartment_Server
Building a Diffie-Hellman key exchange:
Code:
# ./easyrsa --keysize=4096 gen-dh
# openvpn --genkey secret ta.key
Finally:
Code:
# cp ta.key /etc/openvpn/server
# cp pki/ca.crt /etc/openvpn/server
# cp pki/private/MyDepartment_Server.key /etc/openvpn/server
# cp pki/issued/MyDepartment_Server.crt /etc/openvpn/server
# cp pki/dh.pem /etc/openvpn/server/
As you can see, I have moved the files to
/etc/openvpn/server directory. Now I want to create another server and when I use the command "./easyrsa init-pki", then the following message is displayed:
Quote:
# ./easyrsa init-pki
WARNING!!!
You are about to remove the EASYRSA_PKI at:
* /etc/openvpn/easy-rsa/pki
and initialize a fresh PKI here.
Type the word 'yes' to continue, or any other input to abort.
Confirm removal:
|
All the servers I want to make are for one company. I have some questions:
1- Now if I ignore the warning message above, what is the risk?
2- What do I need to do to build new servers using Easy-RSA?
3- What files do I need to copy from Easy-RSA so that I can safely delete the Easy-RSA directory?
Thank you.
Generating new keys using Easy-RSA
