ai:/usr/share/openvpn/easy-rsa # ./build-ca
Generating a 1024 bit RSA private key
............++++++
...........++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [KG]: two-letter country code; the default shown is the value we just modified.
State or Province Name (full name) [NA]: state or province name, two letters
Locality Name (eg, city) [BISHKEK]: city name
Organization Name (eg, company) [OpenVPN-TEST]: organization name
Organizational Unit Name (eg, section) []: name of the unit within the organization
Common Name (eg, your name or your server's hostname) []: this one is key: enter the domain name of the organization issuing the root certificate
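2. Now create the server certificate: at the command prompt, type build-key-server server and press Enter. You will see output very similar to the above, but pay attention to
Common Name (eg, your name or your server's hostname) []:
This is the field that really matters. Enter the server's domain name here, for example . If the server has no domain name, enter its IP address instead, matching the settings in httpd.conf and ssl.conf:
ServerName 10.10.10.10:80 (httpd.conf)
ServerName 10.10.10.10:443 (ssl.conf)
In other words, enter: 10.10.10.10
Next you will see:
a challenge password []: optional; I leave it blank
an optional company name []: optional; I leave it blank
sign the certificate? [y/n] Type y and press Enter. This signs the server certificate with the CA root certificate.
1 out of 1 certificate requests certified, commit? [y/n] Type y and press Enter to confirm.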
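
An added example, not part of the original tutorial: a shell check that the CN in the server certificate equals the ServerName host in httpd.conf and ssl.conf, as step 2 requires. The function names are hypothetical, and the subject lines and config text are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are
# hypothetical; the sample subject lines and config text are constructed.

# Extract the CN from a line printed by `openssl x509 -noout -subject`.
# Handles the older "/C=KG/.../CN=host" and newer "C = KG, ..., CN = host" styles.
subject_cn() {
    printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^/,]*\).*|\1|p' | sed 's/ *$//'
}

# Print the host of each active ServerName directive: commented-out lines are
# skipped, an optional scheme and the :port suffix are stripped.
servername_hosts() {
    printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*[Ss]erver[Nn]ame[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' \
        | sed -e 's|^[a-z]*://||' -e 's/:[0-9]*$//'
}

# Succeed only if a CN was found and every ServerName host equals it
# (compared case-insensitively).
cn_matches_servername() {
    cn=$(subject_cn "$1" | tr 'A-Z' 'a-z')
    hosts=$(servername_hosts "$2" | tr 'A-Z' 'a-z')
    [ -n "$cn" ] && [ -n "$hosts" ] || return 1
    for h in $hosts; do
        [ "$h" = "$cn" ] || return 1
    done
    return 0
}

# Constructed sample inputs, using the values shown in the tutorial.
OLD_SUBJECT='subject= /C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/CN=10.10.10.10'
NEW_SUBJECT='subject=C = KG, ST = NA, L = BISHKEK, O = OpenVPN-TEST, CN = 10.10.10.10'
CONF='ServerName 10.10.10.10:80
# ServerName old.example:80
  ServerName 10.10.10.10:443'

for s in "$OLD_SUBJECT" "$NEW_SUBJECT"; do
    if cn_matches_servername "$s" "$CONF"; then
        echo "OK: CN $(subject_cn "$s") matches every ServerName"
    else
        echo "MISMATCH: CN $(subject_cn "$s") vs ServerName: $(servername_hosts "$CONF" | tr '\n' ' ')"
    fi
done
```

Against real files, pass "$(openssl x509 -noout -subject -in server.crt)" and "$(cat httpd.conf ssl.conf)"; the certificate file name is an assumption. Current TLS clients match the subjectAltName extension rather than the CN, so this check covers only the CN convention this tutorial uses.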