From e8eca8f8cb078b8d426ddd45f64bfc4e77250b2c Mon Sep 17 00:00:00 2001
From: Mikolaj Izdebski <mizdebsk@redhat.com>
Date: Jul 31 2020 11:54:45 +0000
Subject: Document generating VPN keys


---

diff --git a/generate_openvpn_keys.md b/generate_openvpn_keys.md
new file mode 100644
index 0000000..cd95e98
--- /dev/null
+++ b/generate_openvpn_keys.md
@@ -0,0 +1,25 @@
+# How to generate private key and certificate for OpenVPN client
+
+Doing this requires membership in sysadmin-main FAS group.
+
+All the following commands should be ran on one of batcave hosts.
+
+Clone `ansible-private` repo:
+
+    git clone /srv/git/ansible-private
+
+Change into `files/vpn` subdirectory in cloned repo:
+
+    cd ansible-private/files/vpn
+
+Run `addhost.sh` script to generate keys and cert, eg.:
+
+    ./addhost.sh proxy33.fedoraproject.org
+
+Add generated files to git index, commit, push:
+
+    git status
+    git add pki/certs_by_serial/3ADB026719C7AA872EED47711B46B79A.pem pki/issued/proxy33.fedoraproject.org.crt pki/private/proxy33.fedoraproject.org.key pki/reqs/proxy33.fedoraproject.org.req
+    git commit -a -m "Add VPN key/cert for proxy33.fedoraproject.org"
+    git show
+    git push