zdt-openvpn/bin/ovpn_initpki

28 lines
407 B
Bash
Executable File

#!/bin/bash
#
# Initialize the EasyRSA PKI
#
if [ "$DEBUG" == "1" ]; then
env
set -x
else
exec 2> /dev/null
fi
set -e
# Provides a sufficient warning before erasing pre-existing files
easyrsa init-pki
# we rely on external KMS
echo "BastionOpenVPNRootCA" | easyrsa build-ca nopass
easyrsa gen-dh
openvpn --genkey secret $EASYRSA_PKI/ta.key
easyrsa gen-crl
echo "Successfully bootstrapped PKI"