TechDocs/TechnicalProcesses/VPN/NewUser

Giving access to a new user

To allow a client to access the VPN server, you just have to create a client certificate following the procedure below; no configuration changes are needed on the server (the server automatically allows client certificates signed with our master certificate).

- Log into vpn.fsfe.org:/root/wrk/vpn/easy-rsa

- Source the ./vars file

. ./vars

- Choose a nickname for the certificate (CERTNAME in the example below); we usually choose the surname of the person requesting the certificate.

Run:

./build-key CERTNAME

- Answer all questions with the default answer, except for:

- In the ./keys directory, you'll find the CERTNAME.crt and CERTNAME.key files.

- Send a GPG-encrypted mail message to the user:

- Use the message template: ./newuser_message.txt

- Attach the certificates: ca, CERTNAME, CERTNAME.key

- Attach the sample configuration files contained in ./conf/client

WARNING: make sure to encrypt the message, since the client certificate and key are sensitive material!!!

- Update the SVN mirror of the server PKI in ./conf/ca

Run the ./conf/ca/getconf.sh script

Creating a server certificate

Use the same procedure to create a client cert, except, run the ./build-key-server script

TechDocs/TechnicalProcesses/VPN/NewUser (last edited 2018-04-24 07:18:50 by vincent)