Scribd Logo
Upload

Welcome to Scribd!

  • Howto Openvpn Ejbca

    Uploaded by

    João Borges
    6 views2 pages
    hy

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    hy

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views2 pages

    Howto Openvpn Ejbca

    Uploaded by

    João Borges
    hy

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    NOTE: This guide is not updated with the frequency of the official User Guide,

    so please go there first.


    Howto orignally made for EJBCA 3.1.x
    This document describes how to use EJBCA to create OpenVPN windows
    installer programs using the nsis package. It was developed and
    tested under debian.
    Contributed by Jon Bendtsen.
    Where to find software:
    EJBCA http://ejbca.sourceforge.net/
    nsis
    http://nsiss.ourceforge.net/
    OpenVPN http://openvpn.net/
    Zipfiles with OpenVPN GUIs for windows:
    http://openvpn.se/files/install_packages_source/
    http://www.kahalamicro.com/downloads/
    0) You need a working EJBCA installation
    1) Install nsis
    2) install the needed zipfile for use with nsis
    put it in the openvpn directory under the EJBCA homedir.
    3) make sure nsis works with the contents of the above zipfile
    i had to change 3 letters in the zipfile from openvpn.se
    http://openvpn.se/files/install_packages_source/openvpn_install_source-2
    .1beta7-gui-1.0.3.zip
    It was in the file called setpath.nsi, which looked for a .NSH
    file, but my debian supplied it as a .nsh file. Run it with
    makensis openvpn-gui.nsi
    4) modify the needed contents of the openvpn-gui.nsi file. The
    parts i modify is right after:
    # Include your custom config file(s) here.
    where i write:
    SetOutPath "$INSTDIR\config"
    File "${HOME}\config\_-ORGANISATION-_.ovpn"
    File "${HOME}\config\_-USER-_.p12"
    The _-USER-_ and _-ORGANISATION-_ are later used by the
    mk_openvpn_windows_installer.sh
    to replace the _-USER-_ part with the username from EJBCA and
    the _-ORGANISATION-_ part are replaced with the O= or OU= part
    from the DN (Distinguised Name) from the certificate.
    I also modify the
    Section "Uninstall"
    Delete "$INSTDIR\config\*.ovpn"
    Delete "$INSTDIR\config\*.p12"
    Delete "$INSTDIR\config\*.*"
    Delete "$INSTDIR\log\*.*"
    ...
    RMDir "$INSTDIR\config"
    RMDir "$INSTDIR\log"
    RMDir "$INSTDIR"

    to uninstall cleanly

    See more in the nsis documentation.


    5) re zip the source file so the new openvpn-gui.nsi and setpath.nsi
    are in the source zip file.
    6) Edit mk_openvpn_windows_installer.sh to suit your needs
    Depending on what you want you can make this script use
    different configuration files for OpenVPN.
    The mk_openvpn_windows_installer.sh script uses the DN,
    parts of the DN or the username from EJBCA to choose which
    OpenVPN configuration will be included in the .exe file
    You can even use different versions of openvpn for different
    groups of people.

    You might also like