Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 163

3 Accept the default parameters, but insert for Common Name the value server.
4 Answer the next two questions ("Sign the certificate? [y/n]" and "1 out of 1 cer-
tificate requests certified, commit? [y/n]") with y (yes).
After this procedure, the private server key is saved /usr/share/openvpn/
easy-ca/keys/server.*.
Procedure 16.3 Generate Certificates and Keys for a Client
1 Make sure your current directory is /usr/share/openvpn/easy-ca.
2 Create the key as in
(page 150):
./build-key client
3 Repeat the previous step for each client that is allowed to connect to the VPN
server. Make sure you use a different name (other than "client") and an appropriate
Common Name, because this parameter has to be unique for each client.
After this procedure, the certificate client keys are saved in /usr/share/openvpn/
easy-ca/keys/client.* (depending on the name that you have given for the
build-key command.)
Procedure 16.4 Some Final Configuration Steps
1 Make sure your current directory is /usr/share/openvpn/easy-ca.
2 Create the Diffie-Hellman parameter:
./build-dh
3 Copy the following files:
cp keys/ca.{crt,key} keys/dh1024.pem keys/server.{crt,key}
/etc/openvpn/ssl/
4 Copy the client keys to the respective client machine. You should have the files
client.crt and client.key in the /etc/openvpn/ssl directory.
Step 2 (page 150) from Generate The Private Server Key
Configuring VPN Server 151