A VPN (Virtual Private Network) is used in my management system. As a requirement, the administrator can create the certificate (crt file) for a VPN client remotely; the information as well as the files of these certificates should be stored in the database so that the admin can download them from the web UI.
I installed the open source OpenVPN; this tool is simple but robust enough to provide access from the VPN server to the VPN client. However, the disadvantage is that you can only use the terminal to generate the crt file :(.
Here are some solutions, but I suppose none of them is acceptable.
The first solution is to use ssh to remotely access the VPN server and then manually create the crt files. Also, create a service to scan the keys folder of the VPN to update these files into the database. This solution is the easiest to do, but it is not user friendly.
The second solution is to write a bash script file which contains all the manual commands to yield the certificate. However, how to trigger this file? From the web UI or ssh? If ssh, this solution is not much better than the previous one. If web UI, then nice! But the barrier is that openvpn automatically uses the openssl of the xampp server instead of its own openssl, which incorrectly generates the crt file and, of course, the client cannot use these files. It would be very helpful if there were a way to tell openvpn to use its own openssl version :)
I am still researching to find a way. :))
Updated
Finally, I found a way to generate the certificate remotely. Below is my method in detail.
I wrote a service in Java that runs in the background and scans the database every 2s to see if there is any request to generate an OpenVPN key file. If there is, this service calls the .sh file which contains all the commands to generate the certificate.
Note: this jar file must be located in the OpenVPN folder: /etc/openvpn/easy-rsa/
Done!
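The `.sh` file that the polling service calls could look like the following. This is an added example, not the author's script: it validates the client name read from the database before it reaches easy-rsa, and resets the environment so the system `openssl` is resolved. It assumes an easy-rsa 2.x layout (`vars`, `pkitool`, `keys/`); `valid_client_name`, `generate_client_cert` and the exit codes are hypothetical names.

```shell
#!/bin/sh
# Added example: wrapper the polling service calls, one client name per run.
# Assumes an easy-rsa 2.x layout (vars, pkitool, keys/) in EASY_RSA_DIR.
LC_ALL=C; export LC_ALL        # make A-Z / a-z ranges plain ASCII
EASY_RSA_DIR="${EASY_RSA_DIR:-/etc/openvpn/easy-rsa}"

# The name comes from a database row written by the web UI, so treat it as
# untrusted: 1-64 chars, only [A-Za-z0-9._-], alphanumeric first, no "..".
valid_client_name() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 64 ] || return 1
    case "$1" in
        *[!A-Za-z0-9._-]*) return 1 ;;  # shell metacharacters, '/', spaces
        [._-]*)            return 1 ;;  # would look like an option or dotfile
        *..*)              return 1 ;;
    esac
    return 0
}

# Exit codes (hypothetical): 2 bad name, 3 already issued, 4 setup failure.
generate_client_cert() {
    if ! valid_client_name "$1"; then
        echo "rejected client name" >&2
        return 2
    fi
    if [ -e "$EASY_RSA_DIR/keys/$1.crt" ]; then
        echo "certificate already exists: $1" >&2
        return 3
    fi
    (   # subshell: cd and environment changes stay local
        cd "$EASY_RSA_DIR" || exit 4
        # Assumption: a wrong openssl is picked up via the inherited
        # environment, so pin PATH and drop library overrides.
        PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH
        unset LD_LIBRARY_PATH
        . ./vars >/dev/null || exit 4
        umask 077                       # private key readable by owner only
        ./pkitool "$1"
    )
}

if [ "$#" -gt 0 ]; then
    generate_client_cert "$1"
fi
```

From the Java service, start the script with an argument list (for example via `ProcessBuilder`) rather than a concatenated command string, so the name is never re-parsed by a shell.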