how to: create openvpn centos 6.3 x64 with certificates

Some parts of this tutorial are not working anymore. New version available here


Default centos repositoryt doesn’t have openvpn package, so lets add epel repository first.
I downloaded it from this mirror here.


downloading repo:

and installing repo:

After that, You can install openvpn package:


cd to easy-rsa subdirectory in openvpn catalog.
In my case it was: /usr/share/openvpn/easy-rsa. And copy that dir to /etc/openvpn, that our files wouldn’t be overwritten on updates.

edit vars file, to reflect Your needs

i notice’d that PKCS11_MODULE_PATH and PKCS11_PIN are mentioned 2 times. Leave those which are with “dummy”.
Comment out the rest:

also changed default keys export directory, to make easier in future to maintain keys
create dir /etc/openvpn/keys and in config file:

make symbolic link of openssl config

Initialize the public-key infastructure:

output:

Let’s generate Server certificate:

output:

my openvpn config file /etc/server.conf:

restart openvpn service and You’re ready to go!

Some parts of this tutorial are not working anymore. New version available here

Leave a Reply