Commit aeb9e0bd by Matthew Monaco

Add instructions for getting an OpenVPN .crt

1 parent ea9c96b0
# CSEL OpenVPN
## Getting Access
To use the CSEL's [OpenVPN](https://openvpn.net) server, you need an
[OpenSSL](https://openssl.org) certificate signed by our certificate
authority. To get a certificate, start by choosing a *common name*. We
will only accept requests for names that match your `@colorado.edu`
email address plus a tag.
$ CN="matthew.monaco+desktop@colorado.edu"
$ openssl genrsa -out "$CN".key 2048
$ openssl req -new -key "$CN".key -out "$CN".csr -subj "/C=US/ST=Colorado/L=Boulder/O=University of Colorado/OU=Department of Computer Science/CN=$CN/emailAddress=admin@csel.cs.colorado.edu
A couple of things to note:
- The `.key` is **private**, do not share it. The `.csr` (certificate
signing request) is public, it can be shared.
- There can only be one active connection per certificate. It's fine to
use the same certificate on *e.g.*, your laptop and your desktop if
only one will be connected at a time.
- You can share one key among any number of certificates, however make
sure you transfer your key securely among machines. *There really isn't
a drawback to using separate keys though*.
- A keysize of 2048 is sufficient, but you can choose others such as 1024
4192, etc if you so desire.
Once your `.csr` is generated, email it to
[admin@csel.cs.colorado.edu](mailto:admin@csel.cs.colorado.edu). We
will generate a `.crt` \(certificate\) for you and place it in your CSEL
home directory. The `.crt` is public, it can't be used for much without
the **private** `.key` file.
## Connecting
TODO
<!-- vim: set nofoldenable tw=72 : -->
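Review bot: the `openssl req` command's `-subj` argument opens a double quote that is never closed, so a reader who pastes the line gets a shell continuation prompt instead of a `.csr`; add the closing `"` after `emailAddress=admin@csel.cs.colorado.edu`. The three `$` command lines are also not indented or fenced, so Markdown will flow them into the preceding paragraph; setting them off as a code block would keep them copyable. In the key-size bullet, `4192` looks like a typo for 4096, and offering 1024 as an alternative points users at a weaker RSA key than the 2048 the same bullet calls sufficient; consider dropping 1024 and listing only 2048 and larger. The subject's `emailAddress` is the admin address while the CN is the requester's own address; if that is intentional, a sentence saying so would prevent people from "correcting" it in their requests.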