From 66fd5f90c113189e486abd42879bcefbc9d3f480 Mon Sep 17 00:00:00 2001 From: CVL-GitHub <jupiter.hu@monash.edu> Date: Mon, 3 Nov 2014 05:12:59 +0000 Subject: [PATCH] Add files --- roles/easy-rsa-CA-client/files/defaultConfig | 80 ++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 roles/easy-rsa-CA-client/files/defaultConfig diff --git a/roles/easy-rsa-CA-client/files/defaultConfig b/roles/easy-rsa-CA-client/files/defaultConfig new file mode 100644 index 00000000..af221dfe --- /dev/null +++ b/roles/easy-rsa-CA-client/files/defaultConfig @@ -0,0 +1,80 @@ +# easy-rsa parameter settings + +# NOTE: If you installed from an RPM, +# don't edit this file in place in +# /usr/share/openvpn/easy-rsa -- +# instead, you should copy the whole +# easy-rsa directory to another location +# (such as /etc/openvpn) so that your +# edits will not be wiped out by a future +# OpenVPN package upgrade. + +# This variable should point to +# the top level of the easy-rsa +# tree. +export EASY_RSA="/etc/easy-rsa/2.0" + +# +# This variable should point to +# the requested executables +# +export OPENSSL="openssl" +export PKCS11TOOL="pkcs11-tool" +export GREP="grep" + + +# This variable should point to +# the openssl.cnf file included +# with easy-rsa. +export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` + +# Edit this variable to point to +# your soon-to-be-created key +# directory. +# +# WARNING: clean-all will do +# a rm -rf on this directory +# so make sure you define +# it correctly! +export KEY_DIR="$EASY_RSA/keys" + +# Issue rm -rf warning +echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR + +# PKCS11 fixes +export PKCS11_MODULE_PATH="dummy" +export PKCS11_PIN="dummy" + +# Increase this to 2048 if you +# are paranoid. This will slow +# down TLS negotiation performance +# as well as the one-time DH parms +# generation process. +export KEY_SIZE=512 + +# In how many days should the root CA key expire? +export CA_EXPIRE=3650 + +# In how many days should certificates expire? +export KEY_EXPIRE=3650 + +# These are the default values for fields +# which will be placed in the certificate. +# Don't leave any of these fields blank. +export KEY_COUNTRY="AU" +export KEY_PROVINCE="Victoria" +export KEY_CITY="Melbourne" +export KEY_ORG="Monash University" +export KEY_EMAIL="shahaan.ayyub@monash.edu" +export KEY_OU="MCC-R@CMON" + +# X509 Subject Field +export KEY_NAME="EasyRSA" + +# PKCS11 Smart Card +# export PKCS11_MODULE_PATH="/usr/lib/changeme.so" +# export PKCS11_PIN=1234 + +# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below +# You will also need to make sure your OpenVPN server config has the duplicate-cn option set +# export KEY_CN="CommonName" -- GitLab