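Certificate and key generation failed, and the log reported the error: OpenVPN server: Please manual build the certificates via "openvpn-cert.sh" script.
Located the script at /usr/bin/openvpn-cert.sh.
Following its help text, run the command manually: ./openvpn-cert.sh server -n OpenVPN -b 1024 -d 365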
[/opt/home/admin]# cd /usr/bin
[/usr/bin]# ./openvpn-cert.sh
Create certificates for OpenVPN client/server. For more info see:
http://openvpn.net/index.php/open-source/documentation/howto.html
https://code.google.com/p/rt-n56u/wiki/HowToConfigureOpenvpnServer
Usage: ./openvpn-cert.sh command [ args ]
commands: [ server, client, client_csr, client_sign ]
server [ -n common_name ] [ -b rsa_bits/ec_name ] [ -d days_valid ]
The following files for OpenVPN server are created:
- root CA key and certificate
- server key and certificate
- Diffie-Hellman parameters key
- TLS-Auth HMAC signature key
Note: ca.crt and ta.key(if TLS-Auth or TLS-Crypt is used) should be sent
to clients.
client -n common_name [ -b rsa_bits/ec_name ] [ -d days_valid ]
Create both client key and sign it on server side. It is not quite correct,
but it saves time if you administer both server and client devices.
client_csr -n common_name [ -b rsa_bits/ec_name ]
The following files for OpenVPN client are created:
- client key
- certificate signing request (client.csr)
Note: This request should be signed with OpenVPN server CA certificate.
client_sign -f csr_file_path [ -d days_valid ]
Create client certificate.
ssl_view -f crt/csr_file_path
Allows you to see the contents of the requests or certificates using the
openssl utility.
Example:
If you are new to OpenVPN but want to connect server and client,
you can create certificates using:
./openvpn-cert.sh server
./openvpn-cert.sh client -n client1
Then copy the following files to client:
ca.crt, ta.key from /etc/storage/openvpn/server
client.key, client.crt from /etc/storage/openvpn/client
[JDC-1 /usr/bin]# ./openvpn-cert.sh server -n OpenVPN -b 1024 -d 365
Generating RSA private key, 1024 bit long modulus (2 primes)
..+++++
...+++++
e is 65537 (0x010001)
* Creating ca.crt: OpenVPN CA [ done ]
Generating RSA private key, 1024 bit long modulus (2 primes)
.........+++++
.............+++++
e is 65537 (0x010001)
* Creating server.csr: OpenVPN [ done ]
* Signing server.crt [ done ]
* Creating DH Parameters (may take long time, be patient) [ done ]
* Creating TLS Auth/Crypt key [ done ]
* Creating TLS Crypt v2 server key [ done ]
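
The run above used -b 1024 and -d 365, so a useful follow-up is to check the key size and remaining validity of the generated certificates. The script below is an added example, not part of openvpn-cert.sh or the original note; the 2048-bit floor, the 30-day window and the function names are assumptions of this example, and the directory holding ca.crt and server.crt is passed as the first argument.

```shell
#!/bin/sh
# Added example: audit certificates created by "openvpn-cert.sh server".
# Assumptions: the 2048-bit RSA floor and the 30-day expiry window are this
# example's choices; the directory is passed as $1 (the help text names
# /etc/storage/openvpn/server for ca.crt; server.crt there is assumed).
MIN_RSA_BITS=2048

# Read "openssl x509 -noout -text" output on stdin; print the RSA modulus size.
# Prints nothing for non-RSA (e.g. EC) certificates.
rsa_bits_from_text() {
    awk '/Public Key Algorithm: rsaEncryption/ { rsa = 1 }
         rsa && /Public-Key: \(/ { gsub(/[^0-9]/, ""); print; exit }'
}

# Print WEAK, OK or N/A for a key size; return 1 only for WEAK.
classify_rsa_bits() {
    case "$1" in
        ''|*[!0-9]*) echo "N/A"; return 0 ;;
    esac
    if [ "$1" -lt "$MIN_RSA_BITS" ]; then
        echo "WEAK"; return 1
    fi
    echo "OK"
}

# Report key size and upcoming expiry for one certificate file.
check_cert() {
    crt=$1; days=${2:-30}
    bits=$(openssl x509 -in "$crt" -noout -text | rsa_bits_from_text)
    verdict=$(classify_rsa_bits "$bits") || true
    if openssl x509 -in "$crt" -noout -checkend $((days * 86400)) >/dev/null; then
        expiry="valid for more than $days days"
    else
        expiry="expires within $days days"
    fi
    echo "$crt: RSA bits=${bits:-n/a} [$verdict], $expiry"
    [ "$verdict" != "WEAK" ]
}

# Constructed sample: the lines openssl prints for a 1024-bit RSA certificate.
SAMPLE_TEXT='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)'

# Audit real files only when a directory is given as the first argument.
dir=${1:-}
if [ -n "$dir" ] && [ -d "$dir" ]; then
    for f in "$dir/ca.crt" "$dir/server.crt"; do
        if [ -f "$f" ]; then check_cert "$f" || true; fi
    done
fi
```

If a certificate is reported as WEAK, the -b option shown in the help text accepts a larger rsa_bits value or an ec_name when the server files are regenerated.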