openvpn sop: update commands with easyrsa
This commit is contained in:
parent
9e4c686587
commit
35adacc621
1 changed files with 4 additions and 26 deletions
|
|
@ -20,27 +20,7 @@ Purpose::
|
|||
|
||||
=== Create/sign the keys
|
||||
|
||||
From batcave01 check out the private repo:
|
||||
|
||||
....
|
||||
# This is to ensure that the clone is not world-readable at any point.
|
||||
RESTORE_UMASK=$(umask -p)
|
||||
umask 0077
|
||||
git clone /srv/git/ansible-private
|
||||
$RESTORE_UMASK
|
||||
cd ansible-private/vpn/openvpn
|
||||
....
|
||||
|
||||
Next prepare your environment and run the build-key script. This example
|
||||
is for host "proxy4.fedora.iad2.redhat.com":
|
||||
|
||||
....
|
||||
. ./vars
|
||||
./build-key $FQDN # ./revoke-full $FQDN to revoke keys that are no longer used.
|
||||
git add .
|
||||
git commit -a
|
||||
git push
|
||||
....
|
||||
See xref:howtos:generate_openvpn_keys.adoc[How to generate private key and certificate for OpenVPN client]
|
||||
|
||||
=== Create Static IP
|
||||
|
||||
|
|
@ -122,15 +102,13 @@ RESTORE_UMASK=$(umask -p)
|
|||
umask 0077
|
||||
git clone /srv/git/ansible-private
|
||||
$RESTORE_UMASK
|
||||
cd ansible-private/vpn/openvpn
|
||||
cd ansible-private/files/vpn
|
||||
....
|
||||
|
||||
Next prepare your environment and run the build-key script. This example
|
||||
is for host "proxy4.fedora.iad2.redhat.com":
|
||||
Next, use the `easyrsa` command to revoke the certificate:
|
||||
|
||||
....
|
||||
. ./vars
|
||||
./revoke-full $FQDN
|
||||
/usr/share/easy-rsa/3.0/easyrsa revoke $FQDN
|
||||
git add .
|
||||
git commit -a
|
||||
git push
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue