# At Server 192.168.5.1
Create the OCSP server with openssl ocsp on the VPN server:

    # cd /etc/openvpn/my_keys
    # openssl ocsp -index keys/index.txt -port 4444 -CA keys/ca.crt -rsigner keys/ca.crt -rkey keys/ca.key -resp_text
Download the OCSP script from http://svn.openvpn.net/projects/openvpn/contrib/dazo/contrib/OCSP_check/OCSP_check.sh
and save it as /etc/openvpn/my_keys/ocsp.sh.
The OpenVPN server will use this script to check certificate validity.
Edit the script and set these variables:

    # vim ocsp.sh

    ocsp_url="http://192.168.5.1:4444"
    issuer="/etc/openvpn/my_keys/ca.crt"
    verify="/etc/openvpn/my_keys/ca.crt"
At the end of the script, add this echo command below the "# check that it's good" comment, so that it looks like this:

    # check that it's good
    echo "OCSP status: $status"
Make sure the script is executable:

    # chmod 755 ocsp.sh
Enable the TLS options by uncommenting them (removing the leading ;) in server.conf:

    script-security 2
    tls-verify /etc/openvpn/my_keys/ocsp.sh
    tls-auth /etc/openvpn/my_keys/ta.key 0

Start the server:

    # openvpn --config server.conf
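
The decision a tls-verify hook has to make from the text that `echo "OCSP status: $status"` prints, as an added example (not code from OCSP_check.sh or from this post): accept only when the response signature verified and the status line for the exact serial reads good. The function name `ocsp_verdict` and the sample responses are constructed for illustration; the serial is decimal because OpenVPN exports it that way in `tls_serial_0`.

```shell
#!/bin/sh
# Added example, not part of OCSP_check.sh. Sample responses are constructed.

# ocsp_verdict SERIAL RESPONSE
# RESPONSE is the combined stdout+stderr of an `openssl ocsp` client query.
# Returns 0 only if the response signature verified AND SERIAL is "good".
ocsp_verdict() {
    serial=$1
    response=$2
    # Missing serial or empty response (responder down, timeout): reject.
    [ -n "$serial" ] && [ -n "$response" ] || return 1
    # The response must verify against the trusted CA (verify= in ocsp.sh).
    printf '%s\n' "$response" | grep -Fxq 'Response verify OK' || return 1
    # openssl echoes the serial exactly as passed to -serial, then the status.
    # Whole-line fixed-string match: "revoked" and "unknown" both fail.
    printf '%s\n' "$response" | grep -Fxq "${serial}: good" || return 1
    return 0
}

# Constructed sample outputs for a client certificate with decimal serial 2.
SAMPLE_GOOD='Response verify OK
2: good
    This Update: Jan  1 00:00:00 2024 GMT'
SAMPLE_REVOKED='Response verify OK
2: revoked
    This Update: Jan  1 00:00:00 2024 GMT
    Revocation Time: Dec 31 00:00:00 2023 GMT'
SAMPLE_UNKNOWN='Response verify OK
2: unknown'
# "good" status but the response signature did not verify: untrusted.
SAMPLE_UNVERIFIED='Response Verify Failure
2: good'
# Status for serial 12; an unanchored match on "2: good" would accept it.
SAMPLE_OTHER_SERIAL='Response verify OK
12: good'

for name in GOOD REVOKED UNKNOWN UNVERIFIED OTHER_SERIAL; do
    eval "text=\$SAMPLE_$name"
    if ocsp_verdict 2 "$text"; then verdict=accept; else verdict=reject; fi
    echo "$name: $verdict"
done
# An unreachable responder yields empty output and must also be rejected.
if ocsp_verdict 2 ""; then echo "EMPTY: accept"; else echo "EMPTY: reject"; fi
```

Only the first sample is accepted; every other case, including an empty response from a responder that is down, causes the hook to reject the connection.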
# At Client 192.168.5.5
On the server, copy the tls-auth key to the client:

    # scp /etc/openvpn/my_keys/ta.key root@192.168.5.5:/etc/openvpn/my_keys/
Back on the client, enable the TLS options by uncommenting them (removing the leading ;) in client.conf:

    ns-cert-type server
    tls-auth /etc/openvpn/my_keys/ta.key 1

Start the client:

    # openvpn --config client.conf