This utility is designed as easy-rsa replacement suitable for one exact use case.
It's basically a wrapper around OpenSSL API to:
- create a self-signed CA
- create client and server certificates and pack them to ZIP files along with the OpenVPN config
- revoke the certificates
- create a DH keyfile
It supports encrypting .key
files with a passphrase (there is an option to disable that).
It can be used with a non-self signed CA, just place your ca.key
and ca.crt
in the keys directory and skip the --ca
step.
It can be used to manage a non-OpenVPN CA, in that case --zip
and --static
steps will be useless, but all others will work.
OpenVPN static keys are supported partially, as they should be used for tls-auth
/tls-crypt
only.
Please note that they are not encrypted regardless of --nopass
option.
For now this utility should be considered experimental and rather undocumented.
If you're brave, let me know, where the problems are.
- Get Ruby
- Run
gem install ovpn-key
ovpn-key --init
- edit
ovpn-key.yml
ovpn-key --ca --dh
ovpn-key --server --nopass
ovpn-key --client somebody [--nopass]
ovpn-key --revoke somebody
ovpn-key --static
(generatesta.key
)- add a file with
.ovpn
extension to the directory
it should contain every setting except forcert
andkey
ovpn-key --zip somebody-else [--nopass]
It's just a single simple YAML file named ovpn-key.yml
.
ovpn-key also processes ~/.ovpn-key.yml
file, for now it has only one possible setting:
cd: ~/some/path
This setting is used as a default directory if:
- current directory does not have
ovpn-key.yml
--init
is not specified
If you specify the default directory, you don't need to travel to it every time you want to launch ovpn-key
, i.e. you can use it from your home directory or any other, as long as requirements above are met.