3,704
edits
Changes
Jump to navigation
Jump to search
Line 73:
Line 73: − * Initialize your PKI+ − * Create a certificate for the server+ Line 91:
Line 91: − + − − − *Configure openvpn with the newly created certificates Line 106:
Line 103: − −
→Using PHPki to manage the certificates
With this new release, you can manage the certificates the way you want, but most of you will use [[PHPki]] for this.
With this new release, you can manage the certificates the way you want, but most of you will use [[PHPki]] for this.
=== Initialize your PKI ===
This should already be done as you have installed the contrib following [[PHPki#Installation|this how-to]]
This should already be done as you have installed the contrib following [[PHPki#Installation|this how-to]]
=== Create a certificate for the server ===
Now you need to create a certificate for OpenVPN on the server. For this, go in PHPki interface, then "create a new certificate". Here, you'll have to enter some informations about the certificate:
Now you need to create a certificate for OpenVPN on the server. For this, go in PHPki interface, then "create a new certificate". Here, you'll have to enter some informations about the certificate:
**Certificate Use: you should use "VPN Server Only"
**Certificate Use: you should use "VPN Server Only"
=== Configure openvpn with the newly created certificates ===
Now, you can configure OpenVPN with your certificates. Go in the server-manager->OpenVPN-Bridge->certificates configuration.
Now, you can configure OpenVPN with your certificates. Go in the server-manager->OpenVPN-Bridge->certificates configuration.
**DH Parameters: To get the DH Parameters, click on the "Display the Diffie-Hellman parameters" link in [[PHPki]]
**DH Parameters: To get the DH Parameters, click on the "Display the Diffie-Hellman parameters" link in [[PHPki]]
**Static Key: This is optional. You can get it using the "Display the static pre-shared key" link in [[PHPki]]. Note that if you enter this key on the server, you'll have to deploy it on each client.
**Static Key: This is optional. You can get it using the "Display the static pre-shared key" link in [[PHPki]]. Note that if you enter this key on the server, you'll have to deploy it on each client.
You can now submit the request. "Certificates are ready" should be displayed.
You can now submit the request. "Certificates are ready" should be displayed.