Benjamin Titze - Mon, 2020/11/16 - 17:58

Hello,

i would like to generate new certificates within my OpenvpnServer Server VM.

Turnykey generates all at first install, but I want to change it.

what is the syntax of creation new certificate pem, ca and user/client certifcate?

 

thx Ben

Forum: 
Support
Jeremy Davis's picture

Jeremy Davis - Tue, 2020/11/17 - 00:17

Rerunning the TurnKey inithook (aka firstboot) script should achieve your desired ends. To do that (when running as root, otherwise prefix with sudo):

/usr/lib/inithooks/bin/openvpn.py

Out of interest, if you wish to view the scripts that we provide, you can check them out on GitHub. The top level script (as noted above) can be found in the OpenVPN build code overlay and the lower level script is there too, called openvpn-server-init.

Please note that it's been a while since I've worked on the OpenVPN app myself. I haven't double checked the code and I don't 100% recall whether that will delete all the existing config or not, so I would be really interested in hearing how it goes. So please lte us know. :)

Benjamin Titze - Tue, 2020/11/17 - 08:38

Hey thanks!

If I want to adjust the key expire date and city and Key_Country, do I need to change it in the openvpn-server-init.sh?

 

Ben

Jeremy Davis's picture

Jeremy Davis - Wed, 2020/11/18 - 03:20

Assuming you are running as root, then you can export them and they'll be picked up. E.g.:

export KEY_EXPIRE=365 # in days
export KEY_CITY="Some City"
export KEY_PROVINCE="Some State or Province"
export KEY_COUNTRY="Some Country"

Then run the command (and the above will be used instead of defaults):

/usr/lib/inithooks/bin/openvpn-server-init.sh key-email public-address virtual-subnet

E.g. something like this:

/usr/lib/inithooks/bin/openvpn-server-init.sh my@email.com www.mysite.com 192.168.0.0/24

Add new comment