Shellpki is a very tiny and easy PKI in command lines.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Victor Laborie 6684fb4d71 Use 4096 bits for CA key 1 year ago add a 2 years ago
openssl.cnf Add v3_ca extension when generating CA. 2 years ago Use 4096 bits for CA key 1 year ago


This script is a wrapper around openssl to manage all the pki stuff for openvpn.


First create the directory, put the script in it and the openssl configuration file. You may certainly need to edit the configuration.

mkdir -p /etc/openvpn/ssl
cp /path/to/ /etc/openvpn/ssl/
cp /path/to/openssl.cnf /etc/openvpn/ssl/
$EDITOR /etc/openvpn/ssl/openssl.cnf

Then you’ll need to initialize the pki.

cd /etc/openvpn/ssl
sh init

Once it’s done, you can create all the certificates you need.

sh create