OpenVPN: how to make an OCSP server using OpenSSL [Part 2]

At Server

Create the OCSP server using openssl ocsp on the VPN server:
# cd /etc/openvpn/my_keys
# openssl ocsp -index keys/index.txt -port 4444 -CA keys/ca.crt -rsigner keys/ca.crt -rkey keys/ca.key -resp_text

Download the OCSP script at
save as /etc/openvpn/my_keys/,
This script will be used by the OpenVPN server to check certificate validity.

Edit the script:
# vim

At the end of the script, add this echo command below the line "# check that it's good",
so that it looks like this:
# check that it's good
  echo "OCSP status: $status"

Make sure the script is executable:
# chmod 755

Enable the TLS options by uncommenting them (removing the leading ;) in server.conf:
script-security 2
tls-verify /etc/openvpn/my_keys/
tls-auth   /etc/openvpn/my_keys/ta.key 0

# openvpn --config server.conf
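
What a tls-verify hook of this kind has to decide, as an added example (not the script this post downloads, and not OpenVPN's own code): a peer is accepted only when the OCSP response signature verified and the status line for that serial is exactly "good". The responder URL, the CA path, the function names and the sample responses are assumptions, and tls_serial_0 is taken to be the decimal serial that OpenVPN exports to the script.

```shell
#!/bin/sh
# Added example: fail-closed OCSP decision for an OpenVPN tls-verify hook.
# The URL, CA path, function names and sample responses are assumptions.
OCSP_URL="http://127.0.0.1:4444"            # responder started with -port 4444
CA_CERT="/etc/openvpn/my_keys/keys/ca.crt"  # issuer, also trusted as response signer

# ocsp_verdict SERIAL RESPONSE: succeed only for a verified "good" answer.
ocsp_verdict() {
    serial=$1
    response=$2
    # The signature on the OCSP response must have verified.
    printf '%s\n' "$response" | grep -qx -e 'Response verify OK' || return 1
    # Whole-line, fixed-string match, so serial 409 cannot match "4097: good".
    printf '%s\n' "$response" | grep -qxF -e "${serial}: good" || return 1
}

# tls_verify_hook DEPTH SUBJECT: the two arguments OpenVPN passes to tls-verify.
tls_verify_hook() {
    [ "$1" = "0" ] || return 0       # CA levels are not queried, only the peer cert
    serial=${tls_serial_0:-}
    [ -n "$serial" ] || return 1     # no serial exported: reject
    # openssl writes "Response verify OK" to stderr, so capture both streams.
    response=$(openssl ocsp -issuer "$CA_CERT" -CAfile "$CA_CERT" \
        -url "$OCSP_URL" -serial "$serial" 2>&1) || return 1
    echo "OCSP status: $response"
    ocsp_verdict "$serial" "$response"
}

# Constructed sample responses in the layout printed by the openssl ocsp client.
SAMPLE_GOOD='Response verify OK
4097: good
    This Update: Jan  1 00:00:00 2024 GMT'
SAMPLE_REVOKED='Response verify OK
4097: revoked
    This Update: Jan  1 00:00:00 2024 GMT
    Revocation Time: Dec 31 00:00:00 2023 GMT'
SAMPLE_UNVERIFIED='Response Verify Failure
4097: good
    This Update: Jan  1 00:00:00 2024 GMT'

# OpenVPN sets script_type=tls-verify when it runs the hook.
if [ "${script_type:-}" = "tls-verify" ]; then
    tls_verify_hook "$@"
    exit $?
fi
```

Any non-zero exit from a tls-verify script makes OpenVPN reject the connection, so an unreachable responder also ends in a refused client.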

At Client

# scp /etc/openvpn/my_keys/ta.key root@

Back on the client,
enable the TLS options by uncommenting them (removing the leading ;) in client.conf:

ns-cert-type server
tls-auth /etc/openvpn/my_keys/ta.key 1

# openvpn --config client.conf

