zdt-openvpn/bin/ovpn_initpki

23 lines
338 B
Bash
Executable File

#!/bin/bash
#
# Initialize the EasyRSA PKI
#
if [ "$DEBUG" == "1" ]; then
set -x
fi
set -e
# Provides a sufficient warning before erasing pre-existing files
easyrsa init-pki
# we rely on external KMS
echo "BastionOpenVPNRootCA" | easyrsa build-ca nopass
easyrsa gen-dh
openvpn --genkey secret $EASYRSA_PKI/ta.key
easyrsa gen-crl