###### tags: `aws` # 使用OpenVPN easy-rsa 產生公私鑰 先從這邊下載執行檔 [點擊](https://github.com/OpenVPN/easy-rsa/tags) 執行擋下載下來後解壓縮並開啟terminal進入此資料夾 開始以下步驟 1. Initialize a new PKI environment. ``` $ ./easyrsa init-pki ``` 2. To build a new certificate authority (CA) ``` $ ./easyrsa build-ca nopass ``` 3. Generate the server certificate and key. ``` $ ./easyrsa build-server-full server nopass ``` 4. Generate the client certificate and key. ``` $ ./easyrsa build-client-full client1.domain.tld nopass ``` 5. Copy the server certificate and key and the client certificate and key to a custom folder and then navigate into the custom folder. ``` mkdir ~/custom_folder/ cp pki/ca.crt ~/custom_folder/ cp pki/issued/server.crt ~/custom_folder/ cp pki/private/server.key ~/custom_folder/ cp pki/issued/client1.domain.tld.crt ~/custom_folder cp pki/private/client1.domain.tld.key ~/custom_folder/ cd ~/custom_folder/ ```