| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 |
- # easy-rsa parameter settings
- # These are the default values for fields
- # which will be placed in the certificate.
- # Don't leave any of these fields blank.
- export KEY_COUNTRY="FR"
- export KEY_PROVINCE="IF"
- export KEY_CITY="Paris"
- export KEY_ORG="rthoni"
- export KEY_EMAIL="root@rthoni.com"
-
- # NOTE: If you installed from an RPM,
- # don't edit this file in place in
- # /usr/share/openvpn/easy-rsa --
- # instead, you should copy the whole
- # easy-rsa directory to another location
- # (such as /etc/openvpn) so that your
- # edits will not be wiped out by a future
- # OpenVPN package upgrade.
-
- # This variable should point to
- # the top level of the easy-rsa
- # tree.
- export EASY_RSA="`pwd`"
-
- #
- # This variable should point to
- # the requested executables
- #
- export OPENSSL="openssl"
- export PKCS11TOOL="pkcs11-tool"
- export GREP="grep"
-
-
- # This variable should point to
- # the openssl.cnf file included
- # with easy-rsa.
- export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-
- # Edit this variable to point to
- # your soon-to-be-created key
- # directory.
- #
- # WARNING: clean-all will do
- # a rm -rf on this directory
- # so make sure you define
- # it correctly!
- export KEY_DIR="$EASY_RSA/keys"
-
- # Issue rm -rf warning
- echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
-
- # PKCS11 fixes
- export PKCS11_MODULE_PATH="dummy"
- export PKCS11_PIN="dummy"
-
- # Increase this to 2048 if you
- # are paranoid. This will slow
- # down TLS negotiation performance
- # as well as the one-time DH parms
- # generation process.
- export KEY_SIZE=1024
-
- # In how many days should the root CA key expire?
- export CA_EXPIRE=3650
-
- # In how many days should certificates expire?
- export KEY_EXPIRE=3650
|
