Recently, I configured a raspberry, as a small server to practice with the network and in it I installed OpenVPN. For sample certificates I used the command
pivpn -a, as suggested by OpenVPN. But now I want to create my own certificates because I need to insert in them an expiration date for the examples.
After a lot of research on the Internet, I did not find anything that worked, since most of the examples provided by users are old versions of OpenVPN, the only thing I learned was that I need openssl to create my certificates.
So I run the following commands to create my certificates:
sudo openssl req -new -key ca.key> mycert.csr sudo openssl x509 -req -days 1 -in ./mycert.csr / -signkey /etc/openvpn/easy-rsa/pki/private/ca.key -out some.crt
ca.key is the key generated when I installed OpenVPN, at this point I tried to combine certificates and keys, as suggested by many tutorials:
client dev tun proto udp remote
1194 infinite resolution-retry nobind persistent key persistent remote server-cert-tls tls-version-min 1.2 verify-x509-name first name AES-256-CBC encryption auth SHA256 auth-nocache verb 3 ----- BEGIN CERTIFICATE ----- #my ca.crt ----- FINAL CERTIFICATE ----- ----- BEGIN CERTIFICATE ----- #the file some.crt, which I created before ----- FINAL CERTIFICATE ----- ----- BEGIN PRIVATE PRIVATE CODE ----- # I have no idea what I have to write there. ----- PRIVATE CODE FINAL ENTRY ----- # # 2048 bit static key OpenVPN # ----- START OpenVPN static key V1 ----- # my ta.key ----- FINAL OpenVPN static key V1 -----
I'm stuck at this point, because in the section of encrypted private key someone says that there I have to put client.key, so the key that I used to sign my certificate, but it does not work.
Do I mess up some steps or is this the right way to achieve what I want?