Create the certificate
The goal of this guide is to create a certificate for use with OpenVPN. In this example we will configure a certificate for:

Company: corpbth

Description: Blue Tree Corporativo.

E-Mail: cpd.parkbrasilia@bluetree.com.br

  1. Go to the directory where the certificates will be generated
    cd /root/certificados
    
  2. Create the .key and .csr files
    openssl req -nodes -new -keyout corpbth.key -out corpbth.csr
    
    Generating a 1024 bit RSA private key
    ...........++++++
    .........++++++
    writing new private key to 'corpbth.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:BR
    State or Province Name (full name) [Some-State]:DF
    Locality Name (eg, city) []:Brasilia
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bluetree
    Organizational Unit Name (eg, section) []:
    Common Name (eg, YOUR name) []:Blue Tree Corporativo
    Email Address []:cpd.parkbrasilia@bluetree.com.br
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    
  3. Create the .crt file
    openssl ca -out corpbth.crt -in corpbth.csr
    
    Using configuration from /etc/ssl/openssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
            Serial Number: 3 (0x3)
            Validity
                Not Before: Oct  5 20:38:33 2005 GMT
                Not After : Oct  3 20:38:33 2015 GMT
            Subject:
                countryName               = BR
                stateOrProvinceName       = DF
                organizationName          = Bluetree
                commonName                = Blue Tree Corporativo
                emailAddress              = cpd.parkbrasilia@bluetree.com.br
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                Netscape Comment:
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier:
                    5E:94:F7:76:C0:AE:42:49:B4:9A:28:22:13:D2:C4:75:0A:57:7B:36
                X509v3 Authority Key Identifier:
                    keyid:B4:F5:B2:93:33:EF:6E:E4:94:97:FA:81:4F:DE:C5:47:AD:71:F1:E0
                    DirName:/C=BR/ST=DF/L=Brasilia/O=Bluetree/CN=CPD/emailAddress=cpd.parkbrasilia@bluetree.com.br
                    serial:00
    
    Certificate is to be certified until Oct  3 20:38:33 2015 GMT (3650 days)
    Sign the certificate? [y/n]:y
    
    
    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated
    
  4. Create a temporary directory to copy the certificates into
    mkdir /tmp/cert
    
  5. Copy the certificates
    cp corpbth.crt corpbth.key dh.pem bluetree-ca.crt /tmp/cert
    
  6. Connect with WinSCP and download these 4 files from the /tmp/cert folder
  7. Remove the /tmp/cert folder
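
The corpbth.key written in step 2 is unencrypted (-nodes) and is then copied to a fixed path under /tmp, so it is worth checking the bundle and staging it privately before download. The following is an added example, not part of the original manual: the function names check_bundle, stage_bundle and make_demo_bundle, the 2048-bit minimum and the throwaway "Demo CA" are assumptions made for illustration.

```shell
# Pre-distribution checks for the bundle built in steps 2-5 (added example).
# Return codes: 0 ok, 1 key/cert mismatch, 2 not signed by CA, 3 key too short.
check_bundle() {  # usage: check_bundle KEY CRT CA_CRT [MIN_BITS]
    key=$1; crt=$2; ca=$3; min_bits=${4:-2048}  # 2048 default is an assumption
    # The private key and the certificate must carry the same public key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] || return 1
    # The certificate must chain to the CA file that ships with it.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 2
    # Flag short keys such as the 1024-bit one reported in the step 2 output.
    bits=$(openssl x509 -in "$crt" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] || return 3
    return 0
}

# Stage files in a fresh, unpredictably named directory readable only by the
# current user, instead of a fixed /tmp/cert; prints the directory name.
stage_bundle() {  # usage: stage_bundle FILE...
    ( umask 077
      dir=$(mktemp -d) && cp "$@" "$dir"/ && echo "$dir" )
}

# Constructed sample input: a throwaway CA and client certificate, plus an
# unrelated key (other.key) for the mismatch case. Not the page's real CA.
make_demo_bundle() {  # usage: make_demo_bundle DIR
    ( cd "$1" &&
      openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=Demo CA" \
          -keyout ca.key -out ca.crt &&
      openssl req -nodes -newkey rsa:2048 -subj "/CN=demo-client" \
          -keyout client.key -out client.csr &&
      openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -days 1 -out client.crt &&
      openssl genrsa -out other.key 2048 ) >/dev/null 2>&1
}
```

On the CA host the check would be called as `check_bundle corpbth.key corpbth.crt bluetree-ca.crt`, and the four files from step 5 passed to `stage_bundle`. A 1024-bit key like the one in the step 2 output returns 3 once the first two checks pass.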