Document generating VPN keys

2020-07-31 13:44:25 +02:00 · 2020-07-31 13:44:25 +02:00 · e8eca8f8cb
commit e8eca8f8cb
parent e2e7f44095
1 changed files with 25 additions and 0 deletions
--- a/generate_openvpn_keys.md
+++ b/generate_openvpn_keys.md
@ -0,0 +1,25 @@
+# How to generate private key and certificate for OpenVPN client
+
+Doing this requires membership in sysadmin-main FAS group.
+
+All the following commands should be ran on one of batcave hosts.
+
+Clone `ansible-private` repo:
+
+    git clone /srv/git/ansible-private
+
+Change into `files/vpn` subdirectory in cloned repo:
+
+    cd ansible-private/files/vpn
+
+Run `addhost.sh` script to generate keys and cert, eg.:
+
+    ./addhost.sh proxy33.fedoraproject.org
+
+Add generated files to git index, commit, push:
+
+    git status
+    git add pki/certs_by_serial/3ADB026719C7AA872EED47711B46B79A.pem pki/issued/proxy33.fedoraproject.org.crt pki/private/proxy33.fedoraproject.org.key pki/reqs/proxy33.fedoraproject.org.req
+    git commit -a -m "Add VPN key/cert for proxy33.fedoraproject.org"
+    git show
+    git push