
Quick Start Server Only No CA mode

TinCanTech edited this page Dec 13, 2021 · 1 revision

This page describes how a Server can use Easy-TLS to build its own self-signed certificate/key pair and inline file for use with OpenVPN.

Download easytls and easytls-openssl.cnf to a new folder.

Easy-TLS No-CA mode

Use Easy-TLS in No-CA mode as a Server only

  1. Initialise Easy-TLS in No-CA mode: ./easytls init-tls no-ca

  2. Create your self-signed Server X509 certificate: ./easytls self-sign-server wiscii
    Instead of wiscii use your Server name.

    This will create your public certificate and private key pair:

    • ./pki/easytls/wiscii.crt
    • ./pki/easytls/wiscii.key

    This will also generate your unique fingerprint:

    • ./pki/easytls/wiscii.fpr
      This is the only data which you must share with your Clients.

    This will also generate your OpenVPN inline file:

    • ./pki/easytls/wiscii.inline

You must now contact your Clients to get their Client fingerprints.
Then add those fingerprints to your Server inline file.

  1. Add the Client fingerprints to your Server inline file:
    • Open your inline file in a text editor and locate this section:
    <peer-fingerprint>
     * Replace this line with your peer's fingerprint *
    </peer-fingerprint>
    
    • Add the Client fingerprints:
    <peer-fingerprint>
    60:94:4E:25:E8:F3:87:34:23:66:D3:24:0C:92:75:FA:A3:27:56:B8:D9:1D:DB:64:87:21:F5:56:7A:8D:4A:3D
    8F:95:E2:F2:E4:3B:69:9A:E5:CD:33:90:A3:7B:C8:FA:AB:6E:52:59:AE:0F:21:7C:A1:D8:DC:CE:8D:BA:6A:97
    </peer-fingerprint>
    

You can now use your inline file in an OpenVPN configuration file for your Clients to connect to your Server.
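
The inline-file edit above can also be scripted. The shell functions below are an added example, not part of Easy-TLS: `valid_fpr`, `add_peer_fingerprints` and `demo` are hypothetical names, and the script assumes fingerprints of 32 colon-separated hex bytes and the placeholder text shown above.

```shell
# Accept only 32 colon-separated hex bytes, the form of the fingerprints above.
valid_fpr() {
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac  # also rejects embedded newlines
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2}$'
}

# add_peer_fingerprints INLINE_FILE FPR...   (hypothetical helper, not an easytls command)
# Returns 1 and leaves the file untouched on a malformed fingerprint or missing block.
add_peer_fingerprints() {
    inline=$1; shift
    grep -q '^<peer-fingerprint>' "$inline" || return 1
    grep -q '^</peer-fingerprint>' "$inline" || return 1
    new=''
    for fpr in "$@"; do
        valid_fpr "$fpr" || { echo "rejected: $fpr" >&2; return 1; }
        new="$new$(printf '%s' "$fpr" | tr 'a-f' 'A-F')
"
    done
    tmp="$inline.tmp.$$"
    # The inline file may embed the Server private key: keep the new copy owner-only.
    ( umask 077; NEW="$new" awk '
        /^<peer-fingerprint>/ { inblk = 1; print; next }
        /^<\/peer-fingerprint>/ {
            n = split(ENVIRON["NEW"], add, "\n")
            for (i = 1; i <= n; i++)
                if (add[i] != "" && !(add[i] in seen)) { print add[i]; seen[add[i]] = 1 }
            inblk = 0; print; next
        }
        inblk && /Replace this line/ { next }   # drop the placeholder line
        inblk { k = toupper($0); gsub(/[ \t]/, "", k); seen[k] = 1 }
        { print }
    ' "$inline" > "$tmp" ) && mv "$tmp" "$inline" || { rm -f "$tmp"; return 1; }
}

# Constructed sample: a minimal stand-in for ./pki/easytls/wiscii.inline.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '<peer-fingerprint>' \
        " * Replace this line with your peer's fingerprint *" \
        '</peer-fingerprint>' > "$d/wiscii.inline"
    add_peer_fingerprints "$d/wiscii.inline" \
        60:94:4E:25:E8:F3:87:34:23:66:D3:24:0C:92:75:FA:A3:27:56:B8:D9:1D:DB:64:87:21:F5:56:7A:8D:4A:3D
    cat "$d/wiscii.inline"; rm -rf "$d"
}
demo
```

Running the function again with a fingerprint that is already in the block leaves a single copy of it.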