Giving access to a new user

This page has been moved to with the rest of the sysadmin documentation.

To allow a client to access the VPN server, you just have to create a client certificate following the procedure below; no configuration changes are needed on the server (the server automatically allows client certificates signed with our master certificate).

- Log into

- Source the ./vars file

. ./vars

- Choose a nickname for the certificate (CERTNAME in the example below); we usually choose the surname of the person requesting the certificate.


./build-key CERTNAME

- Answer all questions with the default answer, except for:

- In the ./keys directory, you'll find the CERTNAME.crt and CERTNAME.key files.

- Send a GPG-encrypted mail message to the user:

- Use the message template: ./newuser_message.txt

- Attach the certificates: ca, CERTNAME, CERTNAME.key

- Attach the sample configuration files contained in ./conf/client

WARNING: make sure to encrypt the message, since the client certificate and key are sensitive material!!!

- Update the SVN mirror of the server PKI in ./conf/ca

Run the ./conf/ca/ script

Creating a server certificate

Use the same procedure to create a client cert, except, run the ./build-key-server script

TechDocs/TechnicalProcesses/VPN/NewUser (last edited 2023-01-19 10:19:28 by tobiasd)