# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
$ su
# . ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /Users/hoge/openvpn-2.2.0/easy-rsa/2.0/keys
# ./clean-all
# ./build-ca
Generating a 1024 bit RSA private key
....++++++
..............................++++++
unable to write 'random state'
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [JP]:
State or Province Name (full name) [Shizuoka]:
Locality Name (eg, city) [Makinohara]:
Organization Name (eg, company) [Private]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [Private CA]:MyServer ←★ type the server name by hand
Name []:
Email Address [hogehoge@xxx.co.jp]:
Creating the server certificate and private key
# ./build-key-server server
Generating a 1024 bit RSA private key
..........................................................++++++
................................++++++
unable to write 'random state'
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [JP]:
State or Province Name (full name) [Shizuoka]:
Locality Name (eg, city) [Makinohara]:
Organization Name (eg, company) [Private]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [server]: ←★ just press Return here
Name []:
Email Address [hogehoge@xxx.co.jp]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /Users/nai/tmp/OpenVPN/openvpn-2.2.0/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:'Shizuoka'
localityName :PRINTABLE:'Makinohara'
organizationName :PRINTABLE:'Private'
commonName :PRINTABLE:'server'
emailAddress :IA5STRING:'hogehoge@xxx.co.jp'
Certificate is to be certified until Jun 11 12:18:15 2021 GMT (3650 days)
Sign the certificate? [y/n]:y ←★ enter y
1 out of 1 certificate requests certified, commit? [y/n]y ←★ enter y
Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Creating the client certificate and key
# ./build-key client1
Generating a 1024 bit RSA private key
........++++++
..................................................++++++
unable to write 'random state'
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [JP]:
State or Province Name (full name) [Shizuoka]:
Locality Name (eg, city) [Makinohara]:
Organization Name (eg, company) [Private]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [client1]: ←★ just press Return here
Name []:
Email Address [hogehoge@xxx.co.jp]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /Users/nai/tmp/OpenVPN/openvpn-2.2.0/easy-rsa/2.0/openssl.cnf
DEBUG[load_index]: unique_subject = "yes"
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:'Shizuoka'
localityName :PRINTABLE:'Makinohara'
organizationName :PRINTABLE:'Private'
commonName :PRINTABLE:'client1'
emailAddress :IA5STRING:'hogehoge@xxx.co.jp'
Certificate is to be certified until Jun 11 12:21:26 2021 GMT (3650 days)
Sign the certificate? [y/n]:y ←★ enter y
1 out of 1 certificate requests certified, commit? [y/n]y ←★ enter y
Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Repeat this for as many clients as you need.
Generating the Diffie-Hellman parameters
# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
...................................+..........................+.............................
~ omitted ~
.........................++*++*++*
unable to write 'random state'
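
Every RSA key in the transcripts above, and the DH parameter set, is 1024 bits long. The following is an added example, not part of the original page or of easy-rsa: a shell function that reads such a build transcript and flags RSA keys and DH parameters below a size floor. The 2048-bit floor (MIN_BITS) and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): flag weak key material in an
# easy-rsa build transcript. MIN_BITS is an assumed policy floor.
MIN_BITS=2048

# Reads a transcript on stdin; $1 is the minimum acceptable size in bits.
# Prints one "<verdict> <type> <bits> [file]" line per RSA key or DH set.
audit_easyrsa_log() {
    awk -v min="$1" -v q="'" '
        # Remember the size until the matching "writing new private key" line.
        /^Generating a [0-9]+ bit RSA private key/ { bits = $3; next }
        /^writing new private key to / {
            name = $NF
            gsub(q, "", name)                  # strip the quotes around the file name
            verdict = (bits + 0 < min + 0) ? "WEAK" : "OK"
            print verdict, "rsa", bits, name
            next
        }
        /^Generating DH parameters, [0-9]+ bit/ {
            verdict = ($4 + 0 < min + 0) ? "WEAK" : "OK"
            print verdict, "dh", $4
        }
    '
}

# Counts findings below the floor; grep -c exits 1 on zero matches, hence "|| true".
count_weak() {
    audit_easyrsa_log "$1" | grep -c '^WEAK' || true
}

# Lines copied from the transcripts on this page (progress dots and prompts dropped).
sample_transcript() {
    cat <<'EOF'
Generating a 1024 bit RSA private key
writing new private key to 'ca.key'
Generating a 1024 bit RSA private key
writing new private key to 'server.key'
Generating a 1024 bit RSA private key
writing new private key to 'client1.key'
Generating DH parameters, 1024 bit long safe prime, generator 2
EOF
}

# Report on the sample: all four items fall below the 2048-bit floor.
sample_transcript | audit_easyrsa_log "$MIN_BITS"
```

In easy-rsa 2.0 these sizes come from KEY_SIZE in the vars file, so it has to be raised there before ./clean-all and the build scripts are run.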