Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
openvpn [2009/02/23 11:47] a + change PCKS12 password |
openvpn [2009/06/23 09:35] 193.164.137.40 |
||
---|---|---|---|
Line 34: | Line 34: | ||
% openssl dhparam -check -text -5 512 | % openssl dhparam -check -text -5 512 | ||
% openssl dhparam -check -text -5 1024 -out dh1024.pem | % openssl dhparam -check -text -5 1024 -out dh1024.pem | ||
+ | |||
+ | ===== authenticate OpenVPN users against a plain text file ===== | ||
+ | <code bash| > | ||
+ | #/bin/sh | ||
+ | ########################################################### | ||
+ | # checkpsw.sh (C) 2004 Mathias Sundman < | ||
+ | # | ||
+ | # This script will authenticate OpenVPN users against | ||
+ | # a plain text file. The passfile should simply contain | ||
+ | # one row per user with the username first followed by | ||
+ | # one or more space(s) or tab(s) and then the password. | ||
+ | |||
+ | PASSFILE="/ | ||
+ | LOG_FILE="/ | ||
+ | TIME_STAMP=`date " | ||
+ | |||
+ | ########################################################### | ||
+ | |||
+ | if [ ! -r " | ||
+ | echo " | ||
+ | exit 1 | ||
+ | fi | ||
+ | |||
+ | CORRECT_PASSWORD=`awk ' | ||
+ | |||
+ | if [ " | ||
+ | echo " | ||
+ | exit 1 | ||
+ | fi | ||
+ | |||
+ | if [ " | ||
+ | echo " | ||
+ | exit 0 | ||
+ | fi | ||
+ | |||
+ | echo " | ||
+ | exit 1 | ||
+ | </ | ||
Line 44: | Line 82: | ||
| | ||
| | ||
+ | |||
==== change PKCS12 password using OpenSSL ==== | ==== change PKCS12 password using OpenSSL ==== | ||
+ | |||
+ | FIXME - **not tested!** | ||
| | ||
Line 57: | Line 98: | ||
- New export password | - New export password | ||
+ | FIXME - alternative way | ||
+ | |||
+ | < | ||
+ | #!/bin/bash | ||
+ | echo Exporting private KEY | ||
+ | openssl pkcs12 -nocerts -in $1 -out userkey.pem | ||
+ | echo Exporting public cert | ||
+ | openssl pkcs12 -nokeys -clcerts -in $1 -out usercert.pem | ||
+ | echo Exporting CA Cert | ||
+ | openssl pkcs12 -nokeys -cacerts -in $1 -out userca.pem | ||
+ | echo Creating new PKCS12 cert | ||
+ | openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -certfile userca.pem -name " | ||
+ | </ | ||