docker run -v /opt/openvpn:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://acaiblog.top
docker run -v /opt/openvpn:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki
During initialization you need to enter the domain name and the certificate password:
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/pki

Generating a 2048 bit RSA private key
.........................+++++
...................................................................+++++
writing new private key to '/etc/openvpn/pki/private/ca.key.XXXXELNpeh'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:acaiblog.top

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/pki/ca.crt
Confirm the certificate authentication password:
writing new private key to '/etc/openvpn/pki/private/acaiblog.top.key.XXXXnMNlip'
-----
Using configuration from /usr/share/easy-rsa/openssl-easyrsa.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'acaiblog.top'
Certificate is to be certified until Dec 2 04:42:08 2028 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
Using configuration from /usr/share/easy-rsa/openssl-easyrsa.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
An updated CRL has been created.
CRL file: /etc/openvpn/pki/crl.pem
Generating a 2048 bit RSA private key
.......................................................+++++
...................+++++
writing new private key to '/etc/openvpn/pki/private/CLIENTNAME.key.XXXXpIdkeF'
-----
Using configuration from /usr/share/easy-rsa/openssl-easyrsa.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'CLIENTNAME'
Certificate is to be certified until Dec 2 04:48:52 2028 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
4. Export the client certificate
Export the client certificate to the /root directory:
docker run -v /opt/openvpn/:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > /root/client-acaiblog.top.ovpn
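
An added check for the exported profile, not part of the original post: the log above shows no PEM pass phrase prompt when the CLIENTNAME key was written, and the exported file is assumed here to embed that key inline in a <key> block next to <cert> and <ca>. The function names and the sample profile are constructed for illustration.

```sh
# Added example (not from the original page); assumes inline <ca>/<cert>/<key> blocks.

# Constructed sample profile; placeholder bodies, not real key material.
make_sample() {
    printf '%s\n' 'client' 'remote acaiblog.top 1194 udp' \
        '<key>' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END PRIVATE KEY-----' '</key>' \
        '<cert>' 'PLACEHOLDER' '</cert>' '<ca>' 'PLACEHOLDER' '</ca>'
}

# has_block FILE TAG: true when both <TAG> and </TAG> lines exist.
has_block() {
    grep -q "^<$2>" "$1" && grep -q "^</$2>" "$1"
}

# key_is_encrypted FILE: true when the inline key is passphrase-protected.
key_is_encrypted() {
    sed -n '/^<key>/,/^<\/key>/p' "$1" |
        grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED'
}

# audit_ovpn FILE: prints findings, returns their count (64 if unreadable).
audit_ovpn() {
    f=$1; findings=0
    [ -r "$f" ] || { echo "cannot read $f"; return 64; }
    for tag in ca cert key; do
        has_block "$f" "$tag" && continue
        echo "missing <$tag> block"; findings=$((findings + 1))
    done
    if has_block "$f" key && ! key_is_encrypted "$f"; then
        echo "private key has no passphrase: any reader of the file can use this client identity"
        findings=$((findings + 1))
    fi
    # GNU stat first, BSD stat as fallback; mode is octal, e.g. 644.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case $mode in
        *00) ;;
        *) echo "mode $mode: readable beyond the owner, run chmod 600"
           findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# No argument: audit the constructed sample instead of a real export.
if [ -n "${1:-}" ]; then
    audit_ovpn "$1" || echo "findings: $?"
else
    tmp=$(mktemp); make_sample > "$tmp"; chmod 644 "$tmp"
    audit_ovpn "$tmp" || echo "findings: $?"; rm -f "$tmp"
fi
```

Run it with the exported file as the argument, for example /root/client-acaiblog.top.ovpn from the step above; an exit status of 0 means no findings.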