Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # easy-rsa parameter settings
- # NOTE: If you installed from an RPM,
- # don't edit this file in place in
- # /usr/share/openvpn/easy-rsa --
- # instead, you should copy the whole
- # easy-rsa directory to another location
- # (such as /etc/openvpn) so that your
- # edits will not be wiped out by a future
- # OpenVPN package upgrade.
- # This variable should point to
- # the top level of the easy-rsa
- # tree.
- export EASY_RSA="`pwd`"
- #
- # This variable should point to
- # the requested executables
- #
- export OPENSSL="openssl"
- export PKCS11TOOL="pkcs11-tool"
- export GREP="grep"
- # This variable should point to
- # the openssl.cnf file included
- # with easy-rsa.
- export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
- # Edit this variable to point to
- # your soon-to-be-created key
- # directory.
- #
- # WARNING: clean-all will do
- # a rm -rf on this directory
- # so make sure you define
- # it correctly!
- export KEY_DIR="$EASY_RSA/keys"
- # Issue rm -rf warning
- echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
- # PKCS11 fixes
- export PKCS11_MODULE_PATH="dummy"
- export PKCS11_PIN="dummy"
- # Increase this to 2048 if you
- # are paranoid. This will slow
- # down TLS negotiation performance
- # as well as the one-time DH parms
- # generation process.
- export KEY_SIZE=1024
- # In how many days should the root CA key expire?
- export CA_EXPIRE=3650
- # In how many days should certificates expire?
- export KEY_EXPIRE=3650
- # These are the default values for fields
- # which will be placed in the certificate.
- # Don't leave any of these fields blank.
- export KEY_COUNTRY="NL"
- export KEY_PROVINCE="WE"
- export KEY_CITY="Whatever"
- export KEY_ORG="Whatever"
- export KEY_EMAIL="whatever@dev.null"
Add Comment
Please, Sign In to add comment