3

I recently set up an OpenVPN server and am trying to create a key pair for a new user. I do not want to rebuild ca.key or ca.crt, but when I run the easy-rsa script build-key I get this:

Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.

I do not want a new ca.key file, I like the one I have, I just want to add users to the existing one.

Is there an easy way to do this? Or a hard way, or any way?

Am I being an idiot, and running clean-all won't change my server ca.key?

Thanks for your time

1 Answer

2

To add a profile for a new client:

On the server:

cd /etc/openvpn/easy-rsa
sudo su
. ./vars
./build-key [keyname]

Hit return on all prompts until it asks for y/n, then answer y to the 2 questions.

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/[keyname].ovpn

exit (to get out of su)

Copy these files to the client:

/etc/openvpn/easy-rsa/keys/[keyname].ovpn
/etc/openvpn/easy-rsa/keys/[keyname].crt
/etc/openvpn/easy-rsa/keys/[keyname].key
/etc/openvpn/ca.crt

If your config has ccd-exclusive set in server.conf, don't forget to create an empty file in /ccd with the client name. You can add a fixed IP in this file if desired.

Organic Marble
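As an added example (not part of the answer above and not easy-rsa's own code), the four files listed in the answer can be packed into one profile using OpenVPN's inline `<ca>`, `<cert>` and `<key>` blocks, which also removes the `ca`/`cert`/`key` file references left over from the copied sample client.conf. The names `make_profile` and `pem_only` and the argument order are hypothetical, chosen for this sketch.

```shell
#!/bin/sh
# Added example: bundle an easy-rsa client key pair into a single inline .ovpn.
# make_profile / pem_only are hypothetical helper names, not OpenVPN tools.

# Print only the PEM block(s) of a file; easy-rsa 2 .crt files begin with a
# human-readable text dump that is not needed in the profile.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# Usage: make_profile BASE_CONF CA_CRT CLIENT_CRT CLIENT_KEY OUT_OVPN
make_profile() {
    base=$1 ca=$2 crt=$3 key=$4 out=$5
    for f in "$base" "$ca" "$crt" "$key"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    # Refuse to continue if the key argument is not a PEM private key
    # (for example, if the .crt was passed twice by mistake).
    grep -q '^-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "no private key found in $key" >&2; return 1; }
    (
        umask 077        # the profile embeds the private key: owner-only
        rm -f "$out"     # recreate so the umask applies to an existing file
        {
            # Drop file-based ca/cert/key directives; inline blocks replace them.
            sed -E '/^[[:space:]]*(ca|cert|key)[[:space:]]/d' "$base"
            echo '<ca>';   pem_only "$ca";  echo '</ca>'
            echo '<cert>'; pem_only "$crt"; echo '</cert>'
            echo '<key>';  pem_only "$key"; echo '</key>'
        } > "$out"
    )
}

# Run directly with five arguments, e.g. (paths as in the answer above):
#   ./make_profile.sh client.conf ca.crt [keyname].crt [keyname].key [keyname].ovpn
if [ "$#" -eq 5 ]; then
    make_profile "$@"
fi
```

The resulting file is as sensitive as the `.key` itself, so transfer it to the client over an encrypted channel such as scp.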