#!/bin/bash
#
# Initialize the EasyRSA PKI
#
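# Bootstraps the PKI in $EASYRSA_PKI: CA, DH parameters, OpenVPN static key
# and an initial CRL.
#
# Environment:
#   EASYRSA_PKI - PKI directory (required)
#   DEBUG       - "1" enables command tracing; otherwise stderr is discarded

# Fail before anything is created if the PKI location is unknown: easyrsa
# would fall back to its own default directory while the ta.key path below
# would expand to "/ta.key". Checked ahead of the stderr redirect so the
# message stays visible.
: "${EASYRSA_PKI:?EASYRSA_PKI must be set to the PKI directory}"

if [[ "${DEBUG:-}" == "1" ]]; then
  set -x
else
  # Quiet mode: every diagnostic is discarded. Combined with `set -e` below,
  # a failed step ends the script with a non-zero status and no message;
  # re-run with DEBUG=1 to see the cause.
  exec 2> /dev/null
fi

set -e

# easyrsa asks for confirmation before erasing pre-existing files.
# NOTE(review): if EASYRSA_BATCH is set in the environment that prompt is
# skipped and an existing CA would be replaced silently - confirm against
# the caller.
easyrsa init-pki

# "nopass" writes the CA private key unencrypted; we rely on external KMS.
# NOTE(review): presumably the KMS protects the storage that holds
# $EASYRSA_PKI/private - confirm, since anyone who can read that directory
# can sign certificates.
# The piped string presumably answers the Common Name prompt.
printf '%s\n' "BastionOpenVPNRootCA" | easyrsa build-ca nopass

easyrsa gen-dh

# OpenVPN static key (conventionally used for tls-auth / tls-crypt).
# Quoted so a PKI path containing spaces or glob characters stays one argument.
openvpn --genkey secret "${EASYRSA_PKI}/ta.key"

# Initial (empty) CRL so revocation checking can be enabled from the start.
easyrsa gen-crl

echo "Successfully bootstrapped PKI"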