OpenVPN Setup No. 2
This continues from OpenVPN Setup No. 1.
8. Create the server certificate and the server private key.
[user@localhost] ./build-key-server server
[Output]
Generating a 1024 bit RSA private key
............................................................++++++
.....++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [JP]:【ENTER】
State or Province Name (full name) [Tokyo]:【ENTER】
Locality Name (eg, city) [Hachiouzi]:【ENTER】
Organization Name (eg, company) [tmyinsight.net]:【ENTER】
Organizational Unit Name (eg, section) [changeme]:【ENTER】
Common Name (eg, your name or your server's hostname) [server]:【ENTER】
Name [changeme]:【ENTER】
Email Address [postmaster@tmyinsight.net]:【ENTER】
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:【ENTER】
An optional company name []:【ENTER】
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:'Tokyo'
localityName :PRINTABLE:'Hachiouzi'
organizationName :PRINTABLE:'tmyinsight.net'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'server'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:'postmaster@tmyinsight.net'
Certificate is to be certified until Dec 10 12:56:12 2024 GMT (3650 days)
Sign the certificate? [y/n]:【y】【ENTER】
1 out of 1 certificate requests certified, commit? [y/n]【y】【ENTER】
Write out database with 1 new entries
Data Base Updated
Note: text inside 【】 is what you type on the keyboard.
To check that the files were created:
[user@localhost] ls keys/
server.crt server.csr server.key ・・・
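9. Create the client certificates and the client private keys.
If the number of clients is already decided, repeat this step once for each client.
You can also choose whether or not the key has a passphrase, so I will cover both cases.
[When a passphrase is required]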
[user@localhost] ./build-key-pass Client_pass
[Output]
Generating a 1024 bit RSA private key
..................++++++
..................++++++
writing new private key to 'Client_pass.key'
Enter PEM pass phrase:【enter the passphrase】【ENTER】
Verifying - Enter PEM pass phrase:【re-enter the passphrase】【ENTER】
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [JP]:【ENTER】
State or Province Name (full name) [Tokyo]:【ENTER】
Locality Name (eg, city) [Hachiouzi]:【ENTER】
Organization Name (eg, company) [tmyinsight.net]:【ENTER】
Organizational Unit Name (eg, section) [changeme]:【ENTER】
Common Name (eg, your name or your server's hostname) [Client_pass]:
Name [changeme]:【ENTER】
Email Address [postmaster@tmyinsight.net]:【ENTER】
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:【ENTER】
An optional company name []:【ENTER】
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:'Tokyo'
localityName :PRINTABLE:'Hachiouzi'
organizationName :PRINTABLE:'tmyinsight.net'
organizationalUnitName:PRINTABLE:'changeme'
commonName :T61STRING:'Client_pass'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:'postmaster@tmyinsight.net'
Certificate is to be certified until Dec 10 13:09:34 2024 GMT (3650 days)
Sign the certificate? [y/n]:【y】【ENTER】
1 out of 1 certificate requests certified, commit? [y/n]【y】【ENTER】
Write out database with 1 new entries
Data Base Updated
[When a passphrase is not required]
[user@localhost] ./build-key Client_nopass
[Output]
Generating a 1024 bit RSA private key
.............................................................++++++
...................................................++++++
writing new private key to 'Client_nopass.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [JP]:【ENTER】
State or Province Name (full name) [Tokyo]:【ENTER】
Locality Name (eg, city) [Hachiouzi]:【ENTER】
Organization Name (eg, company) [tmyinsight.net]:【ENTER】
Organizational Unit Name (eg, section) [changeme]:【ENTER】
Common Name (eg, your name or your server's hostname) [Client_nopass]:
Name [changeme]:【ENTER】
Email Address [postmaster@tmyinsight.net]:【ENTER】
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:【ENTER】
An optional company name []:【ENTER】
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:'Tokyo'
localityName :PRINTABLE:'Hachiouzi'
organizationName :PRINTABLE:'tmyinsight.net'
organizationalUnitName:PRINTABLE:'changeme'
commonName :T61STRING:'Client_nopass'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:'postmaster@tmyinsight.net'
Certificate is to be certified until Dec 10 13:22:33 2024 GMT (3650 days)
Sign the certificate? [y/n]:【y】【ENTER】
1 out of 1 certificate requests certified, commit? [y/n]【y】【ENTER】
Write out database with 1 new entries
Data Base Updated
Note: text inside 【】 is what you type on the keyboard.
To check that the files were created:
[user@localhost] ls keys/
[Output]
Client_nopass.csr Client_pass.crt Client_pass.key Client_nopass.crt Client_nopass.key Client_pass.csr ・・・
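Listing keys/ only shows that the files exist. The shell functions below are an added example, not part of the original post: they report whether each private key in keys/ is passphrase-protected, warn about key files accessible beyond their owner, and warn about certificates whose key is smaller than a minimum size (the transcripts above show 1024 bit). The function names and the 2048-bit default are assumptions of this example, and it assumes RSA certificates as generated above.

```sh
#!/bin/sh
# Added example (not from the original post): audit what easy-rsa wrote to keys/.

# key_protection FILE: prints encrypted, plaintext or unknown, from the PEM header.
key_protection() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # PKCS#8 or traditional PEM protected by a passphrase
    elif grep -q -e '^-----BEGIN \(RSA \)\{0,1\}PRIVATE KEY-----' "$1"; then
        echo plaintext      # no passphrase: anyone who can read the file has the key
    else
        echo unknown
    fi
}

# cert_key_bits: reads `openssl x509 -noout -text` output on stdin, prints the key size.
cert_key_bits() {
    sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# audit_keys DIR [MIN_BITS]: prints findings, returns 1 if any WARN was raised.
# MIN_BITS defaults to 2048 (an assumption of this example, not a value from the post).
audit_keys() {
    dir=$1; min=${2:-2048}; rc=0
    for k in "$dir"/*.key; do
        [ -f "$k" ] || continue
        echo "INFO $k: $(key_protection "$k") private key"
        case $(ls -l "$k" | cut -c5-10) in      # group and other permission bits
            ------) ;;
            *) echo "WARN $k: accessible beyond its owner, chmod 600 it"; rc=1 ;;
        esac
    done
    if ! command -v openssl >/dev/null 2>&1; then
        echo "INFO openssl not found, .crt checks skipped"; return $rc
    fi
    for c in "$dir"/*.crt; do
        [ -f "$c" ] || continue
        bits=$(openssl x509 -in "$c" -noout -text 2>/dev/null | cert_key_bits)
        if [ -n "$bits" ] && [ "$bits" -lt "$min" ]; then
            echo "WARN $c: $bits-bit key is below $min"; rc=1
        fi
    done
    return $rc
}

# Run from the easy-rsa directory used in the post; does nothing if keys/ is absent.
if [ -d keys ]; then audit_keys keys || true; fi
```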