# Easy-RSA Parameter Settings
# Note: If You Installed from An RPM,
# DON'T EDIT This File in Place in
# / usr / Share / OpenVPN / Easy-RSA -
# INSTEAD, You Should Copy The Whole
# Easy-RSA Directory To Another Location
# (Such As / etc / OpenVPN) So that your you
# EDITS WILL NOT BE WIPED OUT BY A FUTURE
# OpenVPN Package Upgrade.
# THIS Variable Should Point To
# THE TOP LEVEL OF THE EASY-RSA
# Tree.
EXPORT EASY_RSA = "/ ETC / EASY-RSA"
#
# THIS Variable Should Point To
# THE REQUESTED EXECUTABLES
#
export OPENSSL = "openssl"
export PKCS11TOOL = "pkcs11-tool"
export GREP = "grep"
# THIS Variable Should Point To
# The Openssl.cnf file included
# WITH EASY-RSA.
Export key_config = `/ usr / sbin / WhichOplenslcnf $ Easy_RSA`
# Edit this Variable to Point To
# Your Soon-to-Be-Created Key
# Directory.
#
# Warning: Clean-All Will Do
# A RM -RF On this Directory
# SO Make Sure You Define
# It Correctly!
export KEY_DIR = "$ EASY_RSA / keys"
# Issue Rm -rf Warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $ KEY_DIR
# PKCS11 Fixes
export PKCS11_MODULE_PATH = "dummy"
export PKCS11_PIN = "dummy"
# INCREASE THIS TO 2048 IF You
# ARE PARANOID. This Will Slow.
# DOWN TLS NEGOTIATION PERFORMANCE
# AS Well As The One-Time DH Parms
# Generation Process.
export KEY_SIZE = 2048
# In How Many Days Should The Root Ca Key Expire?
export CA_EXPIRE = 3650
# In How Many Days Should Certificates Expire?
export KEY_EXPIRE = 3650
# THESE ARE THE DEFAULT VALUES FOR FIELDS
# Which Will Be Placed in the Certificate.
# DON'T LEAVE Any of These Fields Blank.
EXPORT KEY_COUNTRY = "UA"
EXPORT KEY_PROVINCE = "KIEV"
Export key_city = "kiev"
Export Key_org = "OpenWRT"
Export Key_Email = "[email protected]"
EXPORT KEY_OU = "OFFICE"
Export Key_name = "KeyName" # X509 Subject Field
export KEY_NAME = "EasyRSA"
# PKCS11 Smart Card
# EXPORT PKCS11_MODULE_PATH = "/ USR / LIB / CHANGEME.SO"
# EXPORT PKCS11_PIN = 1234
# If You'D Like to Sign All Keys With the Same Common Name, Uncomment The Key_cn Export Below
# You Will Also Need to Make Sure Your OpenVPN Server Config Has The Duplicate-CN Option Set
# EXPORT KEY_CN = "COMMONNAME"