Client

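# Vault PKI role for OpenVPN *client* certificates.
#
# NOTE(review): the opening `vault write <MOUNT>/roles/<CLIENT_ROLE_NAME> \` line
# is missing from this listing (placeholders, not real values); the arguments
# below are the continuation of that command and will not run on their own.
#
# Security-relevant settings:
#   * allow_any_name=true + enforce_hostnames=false: the role signs whatever
#     common name the requester supplies. The Vault policy on this role's
#     issue/sign paths is therefore the only thing limiting who can obtain a
#     certificate for which identity. If the VPN server maps the CN to a user
#     or to per-client configuration, restrict those paths tightly, or bind the
#     CN to the caller with allowed_domains plus allowed_domains_template=true.
#   * client_flag=true / server_flag=false / ext_key_usage="ClientAuth": the
#     certificate is usable only for TLS client authentication, so a client
#     cert cannot be presented as a VPN server.
#   * max_ttl="43800h" is roughly five years. A leaked client key stays valid
#     that long unless it is revoked and the VPN server actually checks the
#     CRL; prefer a shorter max_ttl where renewal can be automated.
#   * allow_glob_domains is the parameter name Vault recognizes; the singular
#     spelling used previously is not a role field, so the value was never
#     applied and the role relied on the default instead.
allow_subdomains=true \
max_ttl="43800h" \
key_bits="4096" \
key_type="rsa" \
allow_any_name=true \
allow_bare_domains=false \
allow_glob_domains=false \
allow_ip_sans=false \
allow_localhost=false \
client_flag=true \
server_flag=false \
enforce_hostnames=false \
key_usage="DigitalSignature" \
ext_key_usage="ClientAuth" \
require_cn=true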
 

Server

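# Vault PKI role for OpenVPN *server* certificates on the pki_ovpn mount.
#
# Security-relevant settings:
#   * allowed_domains="jthan.io" with allow_subdomains=true,
#     allow_bare_domains=false, allow_any_name=false and enforce_hostnames=true:
#     only valid hostnames under jthan.io can be requested, not the bare
#     domain itself and not arbitrary names.
#   * allow_ip_sans=true: Vault checks only that a requested IP SAN is a valid
#     IP address, not that the requester owns it. Anyone allowed to issue from
#     this role can obtain a server certificate naming any IP; set this to
#     false if clients always connect by hostname.
#   * server_flag=true / client_flag=false / ext_key_usage="ServerAuth": the
#     certificate is usable only for TLS server authentication.
#   * max_ttl="43800h" is roughly five years; a compromised server key remains
#     trusted that long unless revoked and the CRL is enforced by clients.
#   * allow_glob_domains is the parameter name Vault recognizes; the singular
#     spelling used previously is not a role field, so the value was never
#     applied and the role relied on the default instead.
vault write pki_ovpn/roles/jthanio_server \
allowed_domains="jthan.io" \
allow_subdomains=true \
max_ttl="43800h" \
key_bits="4096" \
key_type="rsa" \
allow_any_name=false \
allow_bare_domains=false \
allow_glob_domains=false \
allow_ip_sans=true \
allow_localhost=false \
client_flag=false \
server_flag=true \
enforce_hostnames=true \
key_usage="DigitalSignature,KeyEncipherment" \
ext_key_usage="ServerAuth" \
require_cn=true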