# ssl-admin from security/openvpn



## wblock@ (Aug 22, 2012)

ssl-admin(1) is a Perl script included with security/openvpn to make creating all the keys and certificates easier.  It uses different terminology than the older easy-rsa scripts.  So far, I've only found examples showing ssl-admin used to set up the server, like this one.  Examples showing the use of ssl-admin to generate client keys are extremely rare, like seeing the Loch Ness monster and a yeti in the same room.

If anyone can point to a complete ssl-admin openvpn _client_ example, or at least walk me through it, it would be much appreciated.


----------



## cpm@ (Aug 22, 2012)

I am sure you found this before: http://blog.ijun.org/2011/12/set-up-openvpn-server-on-freebsd.html


----------



## wblock@ (Aug 22, 2012)

Hadn't seen that one.  It uses the easy-rsa scripts, but has some interesting firewall details.


----------



## kpa (Aug 22, 2012)

There's a port of it too, security/ssl-admin. Here's how to create a client certificate:

- Select 0) if you want to edit the settings for the certificate(s) to be created. Set the common name (called Owner in the program) to something that identifies the client; you must set the common name to something if you use this option to edit the settings.

- Select 4) for one step request/sign. This will create the private key, the signing request and the signed certificate in one go. You'll be asked for the common name here if you didn't edit the settings.

- Answer the question of whether you want to password-protect the private key. Set the password for the key if you answered yes (asked twice).

- You'll be asked for the CA key password to sign the signing request.

- Answer yes to "Can I move signing request (commonname.csr) to the csr directory for archiving?"

- The signed certificate (commonname.crt) and the key (commonname.key) will be in the active subdirectory.


----------
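
As an added example (not part of kpa's post and not code from ssl-admin), this script checks the commonname.crt and commonname.key files left in the active subdirectory before they are copied to a client: the certificate carries the expected common name, it was signed by the CA, and it belongs to the private key. The function names, and passing the directory and the CA certificate path as arguments, are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a client certificate/key pair with openssl.
# Usage (paths are supplied by the caller, none are assumed):
#   sh check_client.sh <active-dir> <commonname> <ca-certificate>

# cert_cn CERT: print the subject common name of CERT
cert_cn() {
    openssl x509 -noout -subject -nameopt multiline -in "$1" |
        sed -n 's/^ *commonName *= *//p'
}

# signed_by_ca CA_CERT CERT: succeed only if CERT verifies against CA_CERT
signed_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert KEY CERT: succeed only if both hold the same public key.
# A password-protected key makes openssl prompt for its password here.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# check_client DIR CN CA_CERT: run every check on DIR/CN.crt and DIR/CN.key
check_client() {
    dir=$1 cn=$2 ca=$3
    [ -f "$dir/$cn.crt" ] && [ -f "$dir/$cn.key" ] ||
        { echo "missing files"; return 1; }
    [ "$(cert_cn "$dir/$cn.crt")" = "$cn" ] ||
        { echo "CN mismatch"; return 1; }
    signed_by_ca "$ca" "$dir/$cn.crt" ||
        { echo "not signed by CA"; return 1; }
    key_matches_cert "$dir/$cn.key" "$dir/$cn.crt" ||
        { echo "key/cert mismatch"; return 1; }
    echo "ok"
}

# Run the checks when called with the three arguments shown above.
if [ "$#" -eq 3 ]; then
    check_client "$@"
fi
```

Only the certificate, the key and the CA certificate need to reach the client; the CA key stays on the machine that runs ssl-admin.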

