Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 162

You can use two methods to create the respective certificates and keys:
• Use the YaST CA module (see
(page 159)), or
• Use the scripts included with the openvpn package.
Generating Certificates with easy-ca
The easy-ca utilities use the configuration file openssl.cnf stored under /usr/
share/openvpn/easy-ca. In most cases you can leave this file as it is.
Procedure 16.1 Generate the Master CA And Key
1 Open a shell and become root.
2 Change the directory to /usr/share/openvpn/easy-ca.
3 Edit the default values in the file vars. Change the variables KEY_COUNTRY,
4 Initialize the PKI:
5 Enter the respective data that is asked by the build-ca script. Usually you can
After this procedure, the master certificate and key is saved as /usr/share/
openvpn/easy-ca/keys/ca.*.
Procedure 16.2 Generate The Private Server Key
1 Make sure the directory is /usr/share/openvpn/easy-ca.
2 Run the following script:
150 Security Guide
KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL.
source ./vars && ./clean-all && ./build-ca
take the defaults that you have set in
is not set is the Common Name.
./build-key-server server
The argument (here: server) is used for the private key filename.
Chapter 17, Managing X.509 Certification
Step 3 (page 150). The only parameter that