Making OpenVPN key creation easier until we get a GUI
-
To utilize it, simply run this command from a shell:
fetch -o - http://www.pfsense.com/~sullrich/tools/easyrsa.txt | /bin/sh
404 file not found…..
-
fetch -o - http://files.pfsense.org/extras/easyrsa.txt | /bin/sh
-
Has there been any update to this?
It looks like there is a project that may be easy to integrate into pfSense…
http://sourceforge.net/projects/php-ca
Just wondering...
-VideoMan
-
What would be very nice would be if someone could port the "Zerina" OpenVPN admin GUI package to pfSense. If you don't know what Zerina is, it's a web interface add-in package for the IPCop and Smoothwall Linux-based firewall distros. Zerina makes the creating and managing of OpenVPN road warrior configs, including all the certificates, IP addressing and routing tasks, and all that stuff, trivially easy.
-
Thanks for these scripts, this is working great. Can you include a revoke-full script too? Or is there a revoke option in the pkitool that I'm not seeing?
Thanks!
-
I have finally found how to make that work… took a long time to understand but now I am good (better) :)
The question of how to revoke is not answered yet. Can anyone help with how to do that, since there is nothing in pkitool and there is no revoke option?
Thank you for your help and patience!
-
No expert, but I think you're right; it does look exactly the same as what was in my mind when I read GUI for OpenVPN in pfSense. But without the pfSense colors ;)
I wouldn't mind working on it, but I wouldn't know where to start :D
-
Anyone have a fix for that? Master sullrich surely has an idea ;)
Thanks
-
Can anyone help? If not on the command line, can I do it in Windows using the revoke-full.bat?
Thank you!
-
Updated - I had the syntax wrong, and didn't include my changes to vars. This should be complete now.
------------------
I've got this working now, using a revoke-full script and some changes to the vars file. Steps to revoke are: run 'source ./vars' first, then ./revoke-full username, then post the new keys/crl.pem file to the configuration through the GUI. Here is the script:

    #!/bin/sh

    # revoke a certificate, regenerate CRL,
    # and verify revocation

    CRL="crl.pem"
    RT="revoke-test.pem"

    if [ $# -ne 1 ]; then
        echo "usage: revoke-full <common-name>";
        exit 1
    fi

    if [ "$KEY_DIR" ]; then
        cd "$KEY_DIR"
        rm -f "$RT"

        # set defaults
        export KEY_CN=""
        export KEY_OU=""

        # revoke key and generate a new CRL
        $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"

        # generate a new CRL -- try to be compatible with
        # intermediate PKIs
        $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
        if [ -e export-ca.crt ]; then
            cat export-ca.crt "$CRL" >"$RT"
        else
            cat ca.crt "$CRL" >"$RT"
        fi
    fi

And the changes to vars:

    .
    .
    # Changes to allow for revoke-full option
    setenv KEY_OU "$KEY_ORG"
    setenv KEY_CN "my.servername.com" #This should match the servername in your server cert
    setenv PKCS11_MODULE_PATH "$PKCS11TOOL"
    setenv PKCS11_PIN "dummy"
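
The script as posted stops after building revoke-test.pem, so here is one way to confirm that a revoked certificate is actually rejected before the new crl.pem is uploaded. This is an added example, not part of the original post or of easy-rsa. The function names is_revoked and demo_pki, the test CA and all file names inside demo_pki are made up for the demonstration, and it assumes the openssl command is on the PATH.

```shell
#!/bin/sh
# Added example, not from the thread: check that a revoked cert is rejected by a CRL.
# is_revoked CERT CA CRL: exit 0 only if CERT fails verification as revoked.
is_revoked() {
    bundle=$(mktemp "${TMPDIR:-/tmp}/revchk.XXXXXX") || return 2
    cat "$2" "$3" > "$bundle"   # CA + CRL in one file, like revoke-test.pem
    out=$(openssl verify -CAfile "$bundle" -crl_check "$1" 2>&1) || :
    rm -f "$bundle"
    printf '%s\n' "$out" | grep -q 'certificate revoked'
}

# demo_pki: throwaway test PKI (all names constructed). Issues client1, writes
# a CRL before and after revoking it, and prints the directory holding the files.
demo_pki() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/revpki.XXXXXX") || return 1
    ( cd "$d" || exit 1
      : > index.txt; echo 01 > serial; echo 01 > crlnumber; mkdir newcerts
      cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:true
[ ca ]
default_ca = test_ca
[ test_ca ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
crlnumber = ./crlnumber
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
      openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -subj "/CN=Test CA" -days 30 &&
      openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout client1.key -out client1.csr -subj "/CN=client1" &&
      openssl ca -batch -notext -config ca.cnf -in client1.csr -out client1.crt &&
      openssl ca -gencrl -config ca.cnf -out crl-before.pem &&
      openssl ca -revoke client1.crt -config ca.cnf &&
      openssl ca -gencrl -config ca.cnf -out crl.pem
    ) >/dev/null 2>&1 || return 1
    echo "$d"
}
```

Against the real key directory, the same check would be `is_revoked "$KEY_DIR/username.crt" "$KEY_DIR/ca.crt" "$KEY_DIR/crl.pem"` after running ./revoke-full username; a non-zero exit means the CRL does not list that certificate.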