NOTE: This guide is not updated with the frequency of the official User Guide,
so please go there first.
Howto orignally made for EJBCA 3.1.x This document describes how to use EJBCA to create OpenVPN windows installer programs using the nsis package. It was developed and tested under debian. Contributed by Jon Bendtsen. Where to find software: EJBCA http://ejbca.sourceforge.net/ nsis http://nsiss.ourceforge.net/ OpenVPN http://openvpn.net/ Zipfiles with OpenVPN GUIs for windows: http://openvpn.se/files/install_packages_source/ http://www.kahalamicro.com/downloads/ 0) You need a working EJBCA installation 1) Install nsis 2) install the needed zipfile for use with nsis put it in the openvpn directory under the EJBCA homedir. 3) make sure nsis works with the contents of the above zipfile i had to change 3 letters in the zipfile from openvpn.se http://openvpn.se/files/install_packages_source/openvpn_install_source-2 .1beta7-gui-1.0.3.zip It was in the file called setpath.nsi, which looked for a .NSH file, but my debian supplied it as a .nsh file. Run it with makensis openvpn-gui.nsi 4) modify the needed contents of the openvpn-gui.nsi file. The parts i modify is right after: # Include your custom config file(s) here. where i write: SetOutPath "$INSTDIR\config" File "${HOME}\config\_-ORGANISATION-_.ovpn" File "${HOME}\config\_-USER-_.p12" The _-USER-_ and _-ORGANISATION-_ are later used by the mk_openvpn_windows_installer.sh to replace the _-USER-_ part with the username from EJBCA and the _-ORGANISATION-_ part are replaced with the O= or OU= part from the DN (Distinguised Name) from the certificate. I also modify the Section "Uninstall" Delete "$INSTDIR\config\*.ovpn" Delete "$INSTDIR\config\*.p12" Delete "$INSTDIR\config\*.*" Delete "$INSTDIR\log\*.*" ... RMDir "$INSTDIR\config" RMDir "$INSTDIR\log" RMDir "$INSTDIR"
to uninstall cleanly
See more in the nsis documentation.
5) re zip the source file so the new openvpn-gui.nsi and setpath.nsi are in the source zip file. 6) Edit mk_openvpn_windows_installer.sh to suit your needs Depending on what you want you can make this script use different configuration files for OpenVPN. The mk_openvpn_windows_installer.sh script uses the DN, parts of the DN or the username from EJBCA to choose which OpenVPN configuration will be included in the .exe file You can even use different versions of openvpn for different groups of people.