| |
@@ -0,0 +1,25 @@
|
| |
+ # How to generate private key and certificate for OpenVPN client
|
| |
+
|
| |
+ Doing this requires membership in sysadmin-main FAS group.
|
| |
+
|
| |
+ All the following commands should be ran on one of batcave hosts.
|
| |
+
|
| |
+ Clone `ansible-private` repo:
|
| |
+
|
| |
+ git clone /srv/git/ansible-private
|
| |
+
|
| |
+ Change into `files/vpn` subdirectory in cloned repo:
|
| |
+
|
| |
+ cd ansible-private/files/vpn
|
| |
+
|
| |
+ Run `addhost.sh` script to generate keys and cert, eg.:
|
| |
+
|
| |
+ ./addhost.sh proxy33.fedoraproject.org
|
| |
+
|
| |
+ Add generated files to git index, commit, push:
|
| |
+
|
| |
+ git status
|
| |
+ git add pki/certs_by_serial/3ADB026719C7AA872EED47711B46B79A.pem pki/issued/proxy33.fedoraproject.org.crt pki/private/proxy33.fedoraproject.org.key pki/reqs/proxy33.fedoraproject.org.req
|
| |
+ git commit -a -m "Add VPN key/cert for proxy33.fedoraproject.org"
|
| |
+ git show
|
| |
+ git push
|
| |