Generate OpenVPN Certificates and Keys
Generate OpenVPN certificates and keys for Yeastar S-Series VoIP PBX and clients.
If you open a new Command Prompt window to execute commands (for example, to create certificates for a new client):
- Each time you open a new Command Prompt window, you need to execute the vars command first, then execute other commands.
- You don’t need to execute the init-config command, unless you want to edit the vars.bat file again.
Initialize the OpenVPN configuration
- Press the Windows key and the R key, type cmd and press the Enter key.
- Navigate to %ProgramFiles%\OpenVPN\easy-rsa (e.g. D:\OpenVPN\easy-rsa).
cd D:\OpenVPN\easy-rsa
- Initialize the configurations.
init-config
- Open the vars.bat file in a text editor.
notepad vars.bat
- Change the KEY_SIZE settings. Usually, set the private key size to 1024 or 2048.
set KEY_SIZE=2048
- Edit the following lines to display your address and company.
Later, when you make the CA, certificates and keys, you will be asked to enter information that will be incorporated into your certificate request. If you change the default variables below, you don’t have to enter this information each time.
set KEY_COUNTRY=CN
set KEY_PROVINCE=FJ
set KEY_CITY=Xiamen
set KEY_ORG=Yeastar
set KEY_EMAIL=support@yeastar.com
- Save the vars.bat file and go back to the Command Prompt window.
- Run the following commands to make sure you are operating in a clean environment.
CAUTION: This will remove all certificates and keys from the keys directory.
vars
clean-all
Build Certificate Authority (CA)
- Run the following command to create the ca.crt and ca.key files in the keys directory.
build-ca
- When prompted to enter information that will be incorporated into your certificate request, enter your country, organization, etc., or press the Enter key to use the preset values shown in brackets.
Important: The only parameter that must be explicitly entered is the Common Name. In the example below, we set Common Name to OpenVPN_CA.
Country Name (2 letter code) [CN]:
State or Province Name (full name) [FJ]:
Locality Name (eg, city) [Xiamen]:
Organization Name (eg, company) [Yeastar]:
Organizational Unit Name (eg, section) [changeme]:admin
Common Name (eg, your name or your server's hostname) [changeme]:OpenVPN_CA
Name [changeme]:Yeastar
Email Address [support@yeastar.com]:
Build certificate and key for server
- Run the following command to create the {server_name}.crt and {server_name}.key files in the keys directory.
In the command below, we create server.crt and server.key.
build-key-server server
- When prompted to enter information that will be incorporated into your certificate request, enter your country, organization, etc., or press the Enter key to use the preset values shown in brackets.
Important: The only parameter that must be explicitly entered is the Common Name. Enter the same name as {server_name}. In the example below, we set Common Name to server.
Country Name (2 letter code) [CN]:
State or Province Name (full name) [FJ]:
Locality Name (eg, city) [Xiamen]:
Organization Name (eg, company) [Yeastar]:
Organizational Unit Name (eg, section) [changeme]:admin
Common Name (eg, your name or your server's hostname) [changeme]:server
Name [changeme]:Yeastar
Email Address [support@yeastar.com]:
- When prompted to sign the certificate and commit, type y and press the Enter key.
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Build certificate and key for client
- Run the following command to create the {client_name}.crt and {client_name}.key files in the keys directory.
In the command below, we create client.crt and client.key.
build-key client
- When prompted to enter information that will be incorporated into your certificate request, enter your country, organization, etc., or press the Enter key to use the preset values shown in brackets.
Important: The only parameter that must be explicitly entered is the Common Name. Enter the same name as {client_name}. In the example below, we set Common Name to client.
Country Name (2 letter code) [CN]:
State or Province Name (full name) [FJ]:
Locality Name (eg, city) [Xiamen]:
Organization Name (eg, company) [Yeastar]:
Organizational Unit Name (eg, section) [changeme]:admin
Common Name (eg, your name or your server's hostname) [changeme]:client
Name [changeme]:Yeastar
Email Address [support@yeastar.com]:
- When prompted to sign the certificate and commit, type y and press the Enter key.
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
- Repeat steps 1 to 3 to create a certificate and key for each client.
For each client, choose a name that identifies it, such as Windows.crt and Windows.key for a Windows PC.
Build a ta.key
Run the following command to create the ta.key file in the keys directory.
OpenVPN --genkey --secret keys/ta.key
Generate Diffie Hellman parameters
build-dh
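A verification pass to run once the steps above are complete, as an added example that is not part of the original Yeastar procedure: it checks that server.crt and client.crt chain to ca.crt, that each private key matches its certificate, that the key size is the 2048 bits set in vars.bat, and that only the server certificate is marked for server use. It assumes openssl.exe is on the PATH, that the script is run from the easy-rsa directory, and that the files carry the names used in the examples above.

```batch
@echo off
rem Added example, not part of the Yeastar procedure.
rem Run from the easy-rsa directory after the steps above.
rem Assumptions: openssl.exe is on PATH, the files are in keys\ and are
rem named ca, server and client as in the examples on this page.
setlocal
set KEYS=keys
rem Expected RSA size: the KEY_SIZE value set in vars.bat above.
rem 1024-bit RSA is below current recommendations, so 2048 is checked here.
set EXPECT_BITS=2048

call :check server || goto :fail
call :check client || goto :fail

rem build-key-server is expected to mark the certificate for server use.
openssl x509 -noout -text -in %KEYS%\server.crt | findstr /C:"TLS Web Server Authentication" >nul
if errorlevel 1 (echo server.crt lacks the serverAuth extended key usage & goto :fail)
rem A client certificate must not be usable as a server certificate.
openssl x509 -noout -text -in %KEYS%\client.crt | findstr /C:"TLS Web Server Authentication" >nul
if not errorlevel 1 (echo client.crt carries serverAuth & goto :fail)

echo All checks passed.
exit /b 0

:fail
echo Verification FAILED.
exit /b 1

:check
rem Argument: base name of the certificate and key to check.
rem 1. Chain: the certificate must verify against ca.crt.
openssl verify -CAfile %KEYS%\ca.crt %KEYS%\%1.crt | findstr /C:": OK" >nul
if errorlevel 1 (echo %1.crt does not chain to ca.crt & exit /b 1)
rem 2. Pairing: certificate and private key must share one RSA modulus.
openssl x509 -noout -modulus -in %KEYS%\%1.crt > "%TEMP%\%1.crt.mod"
openssl rsa -noout -modulus -in %KEYS%\%1.key > "%TEMP%\%1.key.mod"
fc "%TEMP%\%1.crt.mod" "%TEMP%\%1.key.mod" >nul
if errorlevel 1 (echo %1.key does not match %1.crt & exit /b 1)
del "%TEMP%\%1.crt.mod" "%TEMP%\%1.key.mod"
rem 3. Strength: the public key must have the expected size.
openssl x509 -noout -text -in %KEYS%\%1.crt | findstr /C:"(%EXPECT_BITS% bit)" >nul
if errorlevel 1 (echo %1.crt key is not %EXPECT_BITS% bits & exit /b 1)
echo %1: chain, key pairing and key size OK
exit /b 0
```

For additional clients, add one `call :check` line per certificate name.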