Pages

Monday, 25 February 2013

关于如何创建client2.crt和client2.key(原创文章)

网上大多数搭建openvpn的教程里,大多是这样说的(见下面的斜体字):
生成证书cd /etc/openvpn/easy-rsa/2.0/
# . ./vars    (第一个点后有一个空格) 

# ./clean-all     

# ./build-ca 

# ./build-key-server server

# ./build-key client1 
 (以此类推建立其他客户端的key
./build-key client2
./build-key client3)

  # ./build-dh
  但是当我运行./build-key client2,却出现提示:
as3:/etc/openvpn/easy-rsa/2.0# ./build-key client2
  Please edit the vars script to reflect your configuration,
  then source it with "source ./vars".
  Next, to start with a fresh PKI configuration and to delete any
  previous certificates and keys, run "./clean-all".
  Finally, you can run this tool (pkitool) to build certificates/keys.
as3:/etc/openvpn/easy-rsa/2.0#


这时,你可这样做:
source ./vars
./build-key client2 (这样在/etc/openvpn/easy-rsa/2.0/keys/里面就会生成client2.crt,client2.key)


/etc/openvpn/easy-rsa/2.0/keys/里面的client2.crt,client2.key用winscp下载到本地电脑,(ca.crt之前和client1.crt,client1.key一起下载过,无需再次下载)然后复制到c:\program files\openvpn\config\里面。(如果里面有同名文件,需把此二文件更名)

然后新建客户机的配置文件client2.ovpn。这样用client2的证书文件和key文件即可连上openvpn server.