Generate OpenVPN Certificates and Keys
Generate OpenVPN certificates and keys for OpenVox UC-Series VoIP PBX and clients.
Important: Commands below are executed in one Command Prompt window.
If you want to open a new Command Prompt window to execute commands (i.e. create certificates for new client):
- Each time you open a new Command Prompt window, you need to execute the vars command first, then execute other commands.
- You don’t need to execute the init-config command, unless you want to edit the vars.bat file again.
Initialize the OpenVPN configuration
- Press Windows Key and R key, type cmd and press Enter key.
- Navigate to %ProgramFiles%\OpenVPN\easy-rsa (e.g. D:\OpenVPN\easy-rsa).
cd D:\OpenVPN\easy-rsa
- Initialize the configurations.
init-config
- Open the vars.bat file in a text editor.
notepad vars.bat
a. Change the KEY_SIZE settings.
Usually, set the private key size to 1024 or 2048.
set KEY_SIZE=2048
b. Edit the following lines to display your address and company.
Later, when you make the CA, certificates and keys, you will be asked to enter information that will be incorporated into your certificate request. If you change the default variables below, you don’t have to enter this information each time.
set KEY_COUNTRY=CN
set KEY_PROVINCE=GD
set KEY_CITY=Shenzhen
set KEY_ORG=Openvox
set KEY_EMAIL=[email protected]
c. Save the vars.bat file and return to the Command Prompt window.
- Run the following commands to make sure you are operating in a clean environment.
CAUTION: This will remove all certificates and keys from the keys directory.
vars
clean-all
Build Certificate Authority (CA)
- Run the following command to create the ca.crt and ca.key files in the keys directory.
build-ca
- When prompted to enter information that will be incorporated into your certificate request, enter your country, organization, etc. Or press the Enter key to use the preset values shown in brackets.
Important: The only parameter that must be explicitly entered is the Common Name. In the example below, we set Common Name to OpenVPN_CA.
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GD]:
Locality Name (eg, city) [Shenzhen]:
Organization Name (eg, company) [Openvox]:
Organizational Unit Name (eg, section) [changeme]:admin
Common Name (eg, your name or your server’s hostname) [changeme]:OpenVPN_CA
Name [changeme]:Openvox
Email Address [[email protected]]:
Build certificate and key for server
- Run the following command to create the {server_name}.crt and {server_name}.key files in the keys directory. In the command below, we create server.crt and server.key.
build-key-server server
- When prompted to enter information that will be incorporated into your certificate request, enter your country, organization, etc. Or press the Enter key to use the preset values shown in brackets.
Important: The only parameter that must be explicitly entered is the Common Name. Enter the same name as {server_name}. In the example below, we set Common Name to server.
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GD]:
Locality Name (eg, city) [Shenzhen]:
Organization Name (eg, company) [Openvox]:
Organizational Unit Name (eg, section) [changeme]:admin
Common Name (eg, your name or your server’s hostname) [changeme]:server
Name [changeme]:Openvox
Email Address [[email protected]]:
- When prompted to sign the certificate and commit, type y and press the Enter key.
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Build certificate and key for client
- Run the following command to create the {client_name}.crt and {client_name}.key files in the keys directory. In the command below, we create client.crt and client.key.
build-key client
- When prompted to enter information that will be incorporated into your certificate request, enter your country, organization, etc. Or press the Enter key to use the preset values shown in brackets.
Important: The only parameter that must be explicitly entered is the Common Name. Enter the same name as {client_name}. In the example below, we set Common Name to client.
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GD]:
Locality Name (eg, city) [Shenzhen]:
Organization Name (eg, company) [Openvox]:
Organizational Unit Name (eg, section) [changeme]:admin
Common Name (eg, your name or your server’s hostname) [changeme]:client
Name [changeme]:Openvox
Email Address [[email protected]]:
- When prompted to sign the certificate and commit, type y and press the Enter key.
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Build a ta.key
Run the following command to create the ta.key file in the keys directory.
openvpn --genkey --secret keys/ta.key
Generate Diffie Hellman parameters
build-dh
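
The batch script below is an added example, not part of the original guide or of easy-rsa. It checks the output of the steps above: every file exists, server.crt and client.crt chain to ca.crt, each private key matches its certificate, no certificate uses a 1024-bit key, and only server.crt carries server usage. It assumes it is run from the easy-rsa directory, that openssl.exe is reachable on the PATH, and that the names server and client from this page were used.

```bat
@echo off
rem Added example (not OpenVox's or easy-rsa's own script).
rem Assumptions: run from the easy-rsa directory, openssl.exe on PATH,
rem certificates named "server" and "client" as on this page.
setlocal
set KEYS=keys
set FAIL=0

rem 1. Every file the procedure creates must be present.
for %%F in (ca.crt ca.key server.crt server.key client.crt client.key ta.key) do (
    if not exist "%KEYS%\%%F" (echo MISSING    %%F& set FAIL=1)
)

rem 2. Per certificate: chain, key/certificate pairing, key size.
call :check server
call :check client

rem 3. Only the server certificate may carry the server usage that
rem    build-key-server adds. Clients can rely on it to reject a peer
rem    that presents a client certificate while posing as the server.
openssl x509 -noout -text -in "%KEYS%\server.crt" | findstr /C:"TLS Web Server Authentication" /C:"SSL Server" >nul
if errorlevel 1 (echo NO-USAGE   server.crt lacks server usage& set FAIL=1)
openssl x509 -noout -text -in "%KEYS%\client.crt" | findstr /C:"TLS Web Server Authentication" /C:"SSL Server" >nul
if not errorlevel 1 (echo BAD-USAGE  client.crt is marked as a server& set FAIL=1)

if %FAIL%==0 (echo All checks passed.) else (echo One or more checks failed.)
exit /b %FAIL%

:check
rem Signed by the CA built above. Match on the ": OK" line rather than
rem the exit code, which some older OpenSSL builds do not set on failure.
openssl verify -CAfile "%KEYS%\ca.crt" "%KEYS%\%1.crt" 2>&1 | findstr /C:": OK" >nul
if errorlevel 1 (echo BAD-CHAIN  %1.crt is not signed by ca.crt& set FAIL=1)
rem The private key must belong to the certificate (same RSA modulus).
set CRT=
set KEY=
for /f "delims=" %%M in ('openssl x509 -noout -modulus -in "%KEYS%\%1.crt"') do set CRT=%%M
for /f "delims=" %%M in ('openssl rsa -noout -modulus -in "%KEYS%\%1.key"') do set KEY=%%M
if "%CRT%"=="" (echo UNREADABLE %1.crt& set FAIL=1)
if not "%CRT%"=="%KEY%" (echo MISMATCH   %1.key does not match %1.crt& set FAIL=1)
rem Flag 1024-bit keys: too short for new deployments.
openssl x509 -noout -text -in "%KEYS%\%1.crt" | findstr /C:"(1024 bit)" >nul
if not errorlevel 1 (echo WEAK-KEY   %1.crt uses a 1024-bit key& set FAIL=1)
exit /b 0
```

The script exits with code 1 if any check fails, so it can gate copying the files to the PBX and clients. ca.key is only needed for signing and should stay on the machine that issues certificates.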