Bernhard.Linz/openvpn-install
1
0
Fork 0
mirror of https://github.com/angristan/openvpn-install.git synced 2025-05-09 10:18:22 +02:00
Code Issues Projects Releases Wiki Activity

Set client and server certificates validity to 10 years

Browse Source
This commit is contained in:
Stanislas Lange 2024-07-12 18:13:52 +02:00
parent 67701fac77
commit bd83463517
No known key found for this signature in database
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
openvpn-install.sh
View File

@ -731,14 +731,14 @@ function installOpenVPN() {
# Create the PKI, set up the CA, the DH params and the server certificate
./easyrsa init-pki
./easyrsa --batch --req-cn="$SERVER_CN" build-ca nopass
EASYRSA_CA_EXPIRE=3650 ./easyrsa --batch --req-cn="$SERVER_CN" build-ca nopass
if [[ $DH_TYPE == "2" ]]; then
# ECDH keys are generated on-the-fly so we don't need to generate them beforehand
openssl dhparam -out dh.pem $DH_KEY_SIZE
fi
./easyrsa --batch build-server-full "$SERVER_NAME" nopass
EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-server-full "$SERVER_NAME" nopass
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
case $TLS_SIG in
@ -1085,11 +1085,11 @@ function newClient() {
cd /etc/openvpn/easy-rsa/ || return
case $PASS in
1)
./easyrsa --batch build-client-full "$CLIENT" nopass
EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "$CLIENT" nopass
;;
2)
echo "⚠️ You will be asked for the client password below ⚠️"
./easyrsa --batch build-client-full "$CLIENT"
EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "$CLIENT"
;;
esac
echo "Client $CLIENT added."