Line 86: |
Line 86: |
| Now you need to create a certificate for OpenVPN on the server. For this, go in [[PHPki]] interface, then "create a new certificate". Here, you'll have to enter some informations about the certificate: | | Now you need to create a certificate for OpenVPN on the server. For this, go in [[PHPki]] interface, then "create a new certificate". Here, you'll have to enter some informations about the certificate: |
| | | |
− | **'''Common Name''': this is the name of the certificate. You can enter what you want, for example "openvpn-bridge"
| + | *'''Common Name''': this is the name of the certificate. You can enter what you want, for example "openvpn-bridge" |
− | **'''Email address''': the email address of the technical contact (this field is not used, you can enter what you want as long as it's a valid email address), for example admin@domain.tld
| + | *'''Email address''': the email address of the technical contact (this field is not used, you can enter what you want as long as it's a valid email address), for example admin@domain.tld |
− | **'''Organization''', '''Department''', '''Locality''', '''State and Country''' fields should have the values you entered when you have created your PKI. You can let those values.
| + | *'''Organization''', '''Department''', '''Locality''', '''State and Country''' fields should have the values you entered when you have created your PKI. You can let those values. |
− | **'''Password''': '''This field must be blank'''. Remember that OpenVPN daemon starts without human intervention when the server boots, so it need to have access to the certificate key without being prompted for a password.
| + | *'''Password''': '''This field must be blank'''. Remember that OpenVPN daemon starts without human intervention when the server boots, so it need to have access to the certificate key without being prompted for a password. |
− | **'''Certificate life''': How-long the certificate will be valid. Enter what you want, but remember, when the certificate expires, you'll have to create another one, and update it in OpenVPN Bridge panel.
| + | *'''Certificate life''': How-long the certificate will be valid. Enter what you want, but remember, when the certificate expires, you'll have to create another one, and update it in OpenVPN Bridge panel. |
− | **'''Key size''': you can enter what you want (I use 2048 in general). The bigger, the stronger, but will use a bit more CPU power when the session key is negotiated (at the connection, and once an hour)
| + | *'''Key size''': you can enter what you want (I use 2048 in general). The bigger, the stronger, but will use a bit more CPU power when the session key is negotiated (at the connection, and once an hour) |
− | **'''Certificate Use''': you should use "VPN Server Only". '''This is important'''. If you don't choose this type of certificates, clients may be unable to connect, or you may be unable to proceed as some other certificate uses won't allow an empty password.
| + | *'''Certificate Use''': you should use "VPN Server Only". '''This is important'''. If you don't choose this type of certificates, clients may be unable to connect, or you may be unable to proceed as some other certificate uses won't allow an empty password. |
| | | |
| Here's an example: | | Here's an example: |
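Review bot: The '''Password''' bullet on the + side still tells the reader to leave the key without a passphrase but says nothing about protecting the resulting unencrypted private key; since the line is being touched anyway, add a sentence that the key must be readable only by the account that starts the OpenVPN daemon. The change from "**" to "*" list markers also carries several wording errors over unchanged that could be fixed in the same edit: "so it need to have access" (needs), "You can let those values" (leave), "How-long" (How long), and "this type of certificates" (certificate). In the '''Key size''' bullet, "(I use 2048 in general)" reads as a personal aside; consider phrasing it as a recommended value for the how-to.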