From 050d4a1f82fff2816adf5971d81097e2e6e5b096 Mon Sep 17 00:00:00 2001 From: Robin Schneider Date: Wed, 26 Aug 2015 13:00:17 +0200 Subject: [PATCH] ovpn_copy_server_files: Ensure that no other keys then the one for the server is present. When creating a multi-server setup I used a partly copied, partly symlinked directory structure for the different servers after creating a certificate for each server with `easyrsa build-server-full`. In that process I also copied the `server` directory. The rsync command does not delete files which are not excluded so it included the correct server key and the original one which can be a security risk. --- bin/ovpn_copy_server_files | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/ovpn_copy_server_files b/bin/ovpn_copy_server_files index e5d6195..fdc62be 100755 --- a/bin/ovpn_copy_server_files +++ b/bin/ovpn_copy_server_files @@ -17,6 +17,9 @@ else TARGET="$OPENVPN/server" fi +## Ensure that no other keys then the one for the server is present. +rm --recursive --force "$TARGET/pki/private" "$TARGET/pki/issued" + echo " pki/private/${OVPN_CN}.key pki/issued/${OVPN_CN}.crt
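Review bot: The added `rm --recursive --force "$TARGET/pki/private" "$TARGET/pki/issued"` runs with no check that `$TARGET` is a separate copy, so if `$TARGET` resolves to `$OPENVPN`, or `$TARGET/pki` is a symlink into the original PKI (the commit message describes a partly symlinked layout), it would delete the source private keys and issued certificates instead of stale copies. The `if` branch that sets `TARGET` otherwise is outside the hunk, so this may already be ruled out there; if not, a guard before the `rm` such as `[ "$(readlink -f "$TARGET/pki")" != "$(readlink -f "$OPENVPN/pki")" ] || exit 1` would cover both cases. Writing the paths as `"${TARGET:?}/pki/private"` would also abort on an empty `TARGET` instead of expanding to `/pki/private`. Only these two directories are cleared, so any other stale files left under `$TARGET` by an earlier copy would presumably remain.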