#!/bin/bash # # Initialize the EasyRSA PKI # if [ "$DEBUG" == "1" ]; then set -x fi set -e # Provides a sufficient warning before erasing pre-existing files easyrsa init-pki # we rely on external KMS echo "BastionOpenVPNRootCA" | easyrsa build-ca nopass easyrsa gen-dh openvpn --genkey secret $EASYRSA_PKI/ta.key easyrsa gen-crl