SET UP YOUR CERTIFICATE AUTHORITY
1. SET UP CERTIFICATE AUTHORITY DIRECTORY
First, copy the easy-rsa template directory to your home directory, so your custom certificates aren’t overwritten when the package is updated. Open the Terminal and type the following:
$ make-cadir ~/openvpn-ca
$ cd ~/openvpn-ca
$ nano vars
2. EDIT VARS FILE
Scroll down to the group of lines beginning “export KEY_COUNTRY,” and fill them in with your own personal information (see the screenshot for an example). Note “KEY_PROVINCE” should be filled with the state, such as “Mississippi” or “California.” Put your name or organization in “KEY_ORG,” and fill “KEY_OU” and “KEY_NAME” with whatever you like, such as “MyVPN.” Save the file (Ctrl-O) and exit.
3. BUILD CERTIFICATE AUTHORITY
At the Terminal, verify you’re still in the openvpn-ca directory, then type “source vars” and hit Enter. You should see a “NOTE” appear (see screenshot). Now type “./clean-all” and hit Enter, followed by “./build-ca” and hit Enter. You’re taken through creating the root certificate authority key and certificate. Hit Enter when prompted to confirm each edit you made in the previous step.
4. GENERATE SERVER’S KEYS
Type “./build-key-server MyVPN” and hit Enter, replacing “MyVPN” with the value you entered for “KEY_NAME” in step 2. Hit Enter to accept the default choices as before. When prompted to create a challenge password, hit Enter to leave it blank, and hit Enter again when prompted for an optional company name. Complete the process by answering Y to the last two prompts.
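Once steps 3 and 4 are done, it is worth checking what they produced. The script below is an added example, not part of the original guide: it confirms that the CA and server private keys are readable by their owner only and that the server certificate verifies against the CA certificate and is marked for TLS server use. It assumes easy-rsa 2.x wrote its output to the "keys" directory inside ~/openvpn-ca and that openssl is on the PATH; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit the files that steps 3 and 4 produce.
# Assumption: easy-rsa 2.x writes them to the "keys" directory inside the CA directory.

# Succeeds only if the file exists and grants nothing to group or other.
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group and other permission columns
    [ "$perms" = "------" ]
}

# Succeeds only if the certificate is signed by the CA and marked for TLS server use.
cert_is_server_cert() {   # arguments: <ca.crt> <server.crt>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -noout -text | grep -q "TLS Web Server Authentication"
}

# audit_ca <keys-dir> <server-name>: prints findings, returns the number of failures.
audit_ca() {
    dir=$1 name=$2 fails=0
    for key in "$dir/ca.key" "$dir/$name.key"; do
        if key_is_private "$key"; then
            echo "ok:   $key is readable by its owner only"
        else
            echo "FAIL: $key is missing or readable by group/other"
            fails=$((fails + 1))
        fi
    done
    if cert_is_server_cert "$dir/ca.crt" "$dir/$name.crt"; then
        echo "ok:   $name.crt chains to ca.crt and carries the server usage"
    else
        echo "FAIL: $name.crt does not verify against ca.crt as a server certificate"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Usage: sh audit.sh ~/openvpn-ca/keys MyVPN
if [ "$#" -eq 2 ]; then audit_ca "$1" "$2"; fi
```

A "FAIL" on ca.key matters most: anyone who can read that file can sign certificates your VPN server will trust.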