Set up your Certificate Authority
1 SET UP CERTIFICATE AUTHORITY DIRECTORY
First, you need to copy the easy-rsa template directory to your home directory, so your custom certificates aren’t overwritten when the package is updated. So open the Terminal and type the following: $ make-cadir ~/openvpn-ca $ cd ~/openvpn-ca $ nano vars
3 BUILD CERTIFICATE AUTHORITY
At the Terminal, verify you’re still in the openvpn-ca directory, then type: “source vars” and hit Enter. You should see a ‘NOTE’ appear (see screenshot). Now type “./clean-all” and hit Enter, followed by “./build-ca” and hit Enter. You’re taken through the root certificate authority key and certificate. Hit Enter when prompted to confirm each edit you made in the previous step.
2 EDIT VARS FILE
Scroll down to the group of lines beginning “export KEY_ COUNTRY” and fill them in with your own personal information — see the screenshot for an example. Note “KEY_PROVINCE” should be filled with the state, such as ‘Victoria’ or ‘Queensland’. Put your name or organisation in ‘KEY_ORG’ and fill ‘KEY_OU’ and ‘KEY_NAME’ with whatever you like, such as “MyVPN”. Save the file (‘Ctrl- O’) and exit.
4 GENERATE SERVER’S KEYS
Type “./build-key-server MyVPN” and hit Enter, replacing ‘MyVPN’ with the value you entered for ‘KEY_NAME’ in step 2. Hit Enter to accept the default choices as before. When prompted to create a challenge password, hit Enter to leave it blank, and hit Enter again when prompted for an optional company name. Complete the process by pressing ‘Y’ to the last two prompts.