[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Re: Non Interactive Easy-RSA?

  • Subject: [Openvpn-users] Re: Non Interactive Easy-RSA?
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Mon, 07 Mar 2005 00:26:03 -0600

On Sun, 06 Mar 2005 22:49:41 -0500, glynn taylor wrote:

> I need to run easy-rsa in batch mode.  Is there a way to create cert/key
> pairs for users in a non interactive way via easy-rsa using a command
> line argument as the one thing to make it unique between users?

Sure -- this is quite easy.

First, go into your openssl.cnf and make the following changes:

organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN

Now, before calling build-key, set KEY_CN and KEY_OU to the desired CN and
oranizational unit. You can do the same thing for other parameters as well.

I might have missed something in my email here, but the setup I have in
production does just this, so drop me a line if it still doesn't work.

Openvpn-users mailing list