mirror of
https://github.com/angristan/openvpn-install.git
synced 2024-12-21 15:17:50 +01:00
Set client and server certificates validity to 10 years (#1235)
Prevent #974
This commit is contained in:
parent
67701fac77
commit
a189535563
@ -731,14 +731,14 @@ function installOpenVPN() {
|
||||
|
||||
# Create the PKI, set up the CA, the DH params and the server certificate
|
||||
./easyrsa init-pki
|
||||
./easyrsa --batch --req-cn="$SERVER_CN" build-ca nopass
|
||||
EASYRSA_CA_EXPIRE=3650 ./easyrsa --batch --req-cn="$SERVER_CN" build-ca nopass
|
||||
|
||||
if [[ $DH_TYPE == "2" ]]; then
|
||||
# ECDH keys are generated on-the-fly so we don't need to generate them beforehand
|
||||
openssl dhparam -out dh.pem $DH_KEY_SIZE
|
||||
fi
|
||||
|
||||
./easyrsa --batch build-server-full "$SERVER_NAME" nopass
|
||||
EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-server-full "$SERVER_NAME" nopass
|
||||
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
|
||||
|
||||
case $TLS_SIG in
|
||||
@ -1085,11 +1085,11 @@ function newClient() {
|
||||
cd /etc/openvpn/easy-rsa/ || return
|
||||
case $PASS in
|
||||
1)
|
||||
./easyrsa --batch build-client-full "$CLIENT" nopass
|
||||
EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "$CLIENT" nopass
|
||||
;;
|
||||
2)
|
||||
echo "⚠️ You will be asked for the client password below ⚠️"
|
||||
./easyrsa --batch build-client-full "$CLIENT"
|
||||
EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "$CLIENT"
|
||||
;;
|
||||
esac
|
||||
echo "Client $CLIENT added."
|
||||
|
Loading…
Reference in New Issue
Block a user