upstream/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2026-02-03 20:39:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
openvpn/sample/sample-keys
History
Gert Doering 8af210e49a Remove use of 'dh dh2048.pem' from sample configs, remove 'dh2048.pem' file 
Since commit bd9aa06feb (Jan 2015) OpenVPN has allowed to use
'--dh none' to disable traditional Diffie Hellman, since more secure
ECDH algorithms are available that do not use explicit DH parameters.

If configured with a suffiently high securelevel (3+), or if running in
FIPS mode, OpenSSL 3.5 will refuse 2048 bit DH files, making our tests
fail.

Thus, remove all the DH2048 stuff from our sample configs.

Github: triggered by OpenVPN/openvpn#819

Change-Id: If66438662bd862a195b2a69c4fa45f63838982b7
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250820175459.11227-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32632.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 2d73540316)
2025-08-20 23:11:53 +02:00
..
ca.crt sample-keys: renew for the next 10 years 2023-11-21 12:37:19 +01:00
ca.key sample-keys: renew for the next 10 years 2023-11-21 12:37:19 +01:00
client-ec.crt sample-keys: renew for the next 10 years 2023-11-21 12:37:19 +01:00
client-ec.key sample-keys: renew for the next 10 years 2023-11-21 12:37:19 +01:00
client-pass.key sample-keys: renew for the next 10 years 2023-11-21 12:37:19 +01:00
client.crt sample-keys: renew for the next 10 years 2023-11-21 12:37:19 +01:00
client.key sample-keys: renew for the next 10 years 2023-11-21 12:37:19 +01:00
client.p12 sample-keys: renew for the next 10 years 2023-11-21 12:37:19 +01:00
gen-sample-keys.sh Update Copyright statements to 2024 2024-03-18 18:49:36 +01:00
openssl.cnf Fix various spelling mistakes 2019-02-06 19:07:34 +01:00
README Modernize sample keys and sample configs 2014-11-15 17:45:10 +01:00
server-ec.crt sample-keys: renew for the next 10 years 2023-11-21 12:37:19 +01:00
server-ec.key sample-keys: renew for the next 10 years 2023-11-21 12:37:19 +01:00
server.crt sample-keys: renew for the next 10 years 2023-11-21 12:37:19 +01:00
server.key sample-keys: renew for the next 10 years 2023-11-21 12:37:19 +01:00
ta.key sample-keys: renew for the next 10 years 2023-11-21 12:37:19 +01:00

README 

Sample RSA and EC keys.

Run ./gen-sample-keys.sh to generate fresh test keys.

See the examples section of the man page for usage examples.

NOTE: THESE KEYS ARE FOR TESTING PURPOSES ONLY.
      DON'T USE THEM FOR ANY REAL WORK BECAUSE
      THEY ARE TOTALLY INSECURE!

ca.{crt,key}        -- sample CA key/cert
server.{crt,key}    -- sample server key/cert
client.{crt,key}    -- sample client key/cert
client-pass.key     -- sample client key with password-encrypted key
                       password = "password"
client.p12          -- sample client pkcs12 bundle
                       password = "password"
client-ec.{crt,key} -- sample elliptic curve client key/cert
server-ec.{crt,key} -- sample elliptic curve server key/cert