uts-server/tests/cfg/pki/vars

# easy-rsa parameter settings

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"

#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"


# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"

# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# Increase this to 2048 if you
# are paranoid.  This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
export KEY_EXPIRE=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"

# X509 Subject Field
export KEY_NAME="EasyRSA"

# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234

# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"
adding a test pki 2016-08-26 19:11:17 +02:00			`# easy-rsa parameter settings`

			`# NOTE: If you installed from an RPM,`
			`# don't edit this file in place in`
			`# /usr/share/openvpn/easy-rsa --`
			`# instead, you should copy the whole`
			`# easy-rsa directory to another location`
			`# (such as /etc/openvpn) so that your`
			`# edits will not be wiped out by a future`
			`# OpenVPN package upgrade.`

			`# This variable should point to`
			`# the top level of the easy-rsa`
			`# tree.`
			export EASY_RSA="`pwd`"

			`#`
			`# This variable should point to`
			`# the requested executables`
			`#`
			`export OPENSSL="openssl"`
			`export PKCS11TOOL="pkcs11-tool"`
			`export GREP="grep"`


			`# This variable should point to`
			`# the openssl.cnf file included`
			`# with easy-rsa.`
			export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

			`# Edit this variable to point to`
			`# your soon-to-be-created key`
			`# directory.`
			`#`
			`# WARNING: clean-all will do`
			`# a rm -rf on this directory`
			`# so make sure you define`
			`# it correctly!`
			`export KEY_DIR="$EASY_RSA/keys"`

			`# Issue rm -rf warning`
			`echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR`

			`# PKCS11 fixes`
			`export PKCS11_MODULE_PATH="dummy"`
			`export PKCS11_PIN="dummy"`

			`# Increase this to 2048 if you`
			`# are paranoid. This will slow`
			`# down TLS negotiation performance`
			`# as well as the one-time DH parms`
			`# generation process.`
			`export KEY_SIZE=2048`

			`# In how many days should the root CA key expire?`
			`export CA_EXPIRE=3650`

			`# In how many days should certificates expire?`
			`export KEY_EXPIRE=3650`

			`# These are the default values for fields`
			`# which will be placed in the certificate.`
			`# Don't leave any of these fields blank.`
			`export KEY_COUNTRY="US"`
			`export KEY_PROVINCE="CA"`
			`export KEY_CITY="SanFrancisco"`
			`export KEY_ORG="Fort-Funston"`
			`export KEY_EMAIL="me@myhost.mydomain"`
			`export KEY_OU="MyOrganizationalUnit"`

			`# X509 Subject Field`
			`export KEY_NAME="EasyRSA"`

			`# PKCS11 Smart Card`
			`# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"`
			`# export PKCS11_PIN=1234`

			`# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below`
			`# You will also need to make sure your OpenVPN server config has the duplicate-cn option set`
			`# export KEY_CN="CommonName"`