[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] build-key-pass in windows


  • Subject: Re: [Openvpn-users] build-key-pass in windows
  • From: Winn Johnston <winn_johnston@xxxxxxxxx>
  • Date: Wed, 12 Dec 2007 06:38:15 -0800 (PST)

sorry but i am not that familiar with the windows
server version. However if you can change to the
working directory of the executable openssl.exe then
you should be able to issue the command Jan showed you

 openssl req -days 3650 -new -keyout $1.key -out
$1.csr -config $KEY_CONFIG &&

or a deviation of the above line. There are variables
that need to be set to get some of the commands to
work.

sample of what i use to set the environment variables.

export D=`pwd`
export KEY_CONFIG=$D/openssl.cnf
export KEY_DIR=$D/keys
export KEY_SIZE=1024
export KEY_COUNTRY=US
export KEY_PROVINCE="some place"
export KEY_CITY=some city
export KEY_ORG="VPN"
export KEY_EMAIL="me@xxxxxxxxxxx"


Hope this helps

-winn


--- Jan Just Keijser <janjust@xxxxxxxxx> wrote:

> all necessary openssl executables are included with
> the openvpn 
> installation package
> 
> JJK
> 
> Winn Johnston wrote:
> > You would need to download openSSL to do such a
> thing.
> >
> > -winn
> >
> > --- Jan Just Keijser <janjust@xxxxxxxxx> wrote:
> >
> >   
> >> I don't know why there's no build-key-pass.bat
> but
> >> the only difference 
> >> between the linux versions is:
> >>
> >> # diff build-key build-key-pass
> >> 15c15
> >> <       openssl req -days 3650 -nodes -new
> -keyout
> >> $1.key -out $1.csr 
> >> -config $KEY_CONFIG && \
> >> ---
> >>  >       openssl req -days 3650 -new -keyout
> $1.key
> >> -out $1.csr -config 
> >> $KEY_CONFIG &&
> >>
> >> so you could try creating your own
> >> build-key-pass.bat:
> >> - start with build-key.bat, copy it to
> >> build-key-pass.bat
> >> - remove -nodes from the build-key-pass.bat file
> >>
> >> HTH,
> >>
> >> JJK
> >>
> >> Chris Brooks wrote:
> >>     
> >>> I don't have this script in my Windows
> >>>       
> >> installation. How can I get it? 
> >>     
> >>> I need to add a password to these files because
> my
> >>>       
> >> users will be 
> >>     
> >>> carrying the certs and the config files on a USB
> >>>       
> >> drive...... While on 
> >>     
> >>> the subject let me provide a little more info on
> >>>       
> >> what I'm doing and 
> >>     
> >>> see if the list feels I'm going about it in the
> >>>       
> >> proper way.
> >>     
> >>>  
> >>> I have a police dept who needs access to an
> >>>       
> >> application from the duty 
> >>     
> >>> laptops in the cars. My plan into install
> openvpn
> >>>       
> >> on the laptops and 
> >>     
> >>> then issue each officer a sub key with a unique
> >>>       
> >> cert/config file on 
> >>     
> >>> it. To protect the certs I need to put a
> password
> >>>       
> >> on them. Does this 
> >>     
> >>> sound like the best process?
> >>>
> >>>       
> 
> 


______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users