VPN/docs/account-creation.md


1. Run this command to generate the required client files (`nopass` leaves the client's private key unencrypted on disk):
```commandline
cd /etc/openvpn/easy-rsa/
./easyrsa build-client-full <username> nopass
```
Example: creating a test client key and certificate for the user name `arthur`, here done in two steps with `gen-req` and `sign-req client`:
```commandline
arthur@server:~/openvpn-ca$ ./easyrsa gen-req arthur nopass
Using Easy-RSA 'vars' configuration:
* /home/arthur/openvpn-ca/vars
Using SSL:
* openssl OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
....+...+...+..+.......+.....+......+...+.......+.....+...+..........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+...............+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+............+......+.......+.....+...+....+..+......+.......+......+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+..+......+....+..................+...+.....+.......+...+......+.....+....+.........+......+.....+....+..+.+........+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [arthur]:
Notice
------
Private-Key and Public-Certificate-Request files created.
Your files are:
* req: /home/arthur/openvpn-ca/pki/reqs/arthur.req
* key: /home/arthur/openvpn-ca/pki/private/arthur.key
arthur@server:~/openvpn-ca$ ./easyrsa sign-req client arthur
Using Easy-RSA 'vars' configuration:
* /home/arthur/openvpn-ca/vars
Using SSL:
* openssl OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
You are about to sign the following certificate:
Please check over the details shown below for accuracy. Note that this request
has not been cryptographically verified. Please be sure it came from a trusted
source or that you have verified the request checksum with the sender.
Request subject, to be signed as a client certificate
for '825' days:
subject=
commonName = arthur
Type the word 'yes' to continue, or any other input to abort.
Confirm request details: yes
Using configuration from /home/arthur/openvpn-ca/pki/openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'arthur'
Certificate is to be certified until Dec 19 04:09:41 2027 GMT (825 days)
Write out database with 1 new entries
Database updated
Notice
------
Certificate created at:
* /home/arthur/openvpn-ca/pki/issued/arthur.crt
```
2. OpenVPN Server Configuration
```commandline
### Check the location of the keys before copying
------
CA creation complete. Your new CA certificate is at:
* /home/arthur/openvpn-ca/pki/ca.crt
------
Certificate created at:
* /home/arthur/openvpn-ca/pki/issued/server.crt
------
Private-Key and Public-Certificate-Request files created.
Your files are:
* req: /home/arthur/openvpn-ca/pki/reqs/server.req
* key: /home/arthur/openvpn-ca/pki/private/server.key
------
DH parameters of size 2048 created at:
* /home/arthur/openvpn-ca/pki/dh.pem
------
TA Key at:
* /home/arthur/openvpn-ca/ta.key
### Start copying the required files
arthur@server:~/openvpn-ca$ sudo cp pki/ca.crt pki/issued/server.crt pki/private/server.key ta.key pki/dh.pem /etc/openvpn/server/
### Check the destination again
arthur@server:~/openvpn-ca$ ls -la /etc/openvpn/server/
total 32
drwxr-xr-x 2 root root 4096 Sep 15 04:17 .
drwxr-xr-x 4 root root 4096 Sep 15 03:39 ..
-rw------- 1 root root 1245 Sep 15 04:17 ca.crt
-rw------- 1 root root 424 Sep 15 04:17 dh.pem
-rw------- 1 root root 4728 Sep 15 04:17 server.crt
-rw------- 1 root root 1708 Sep 15 04:17 server.key
-rw------- 1 root root 636 Sep 15 04:17 ta.key
```
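
The manual `ls -la` check above can be scripted so that a missing file or a readable private key is caught after every copy. This is an added example, not part of the original document; the function names are hypothetical, and `check_cert_and_key` assumes `openssl` is installed.

```shell
# Added example, not part of the original page. File names are the ones
# copied in step 2; function names are hypothetical.
REQUIRED="ca.crt server.crt server.key ta.key dh.pem"
SECRETS="server.key ta.key"    # private key and TLS auth key

# Prints one finding per line and returns the number of findings (0 = clean).
audit_openvpn_dir() {
    dir=$1
    findings=0
    for f in $REQUIRED; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $f"
            findings=$((findings + 1))
        fi
    done
    for f in $SECRETS; do
        [ -f "$dir/$f" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits;
        # a symlink shows rwxrwxrwx and is flagged as well.
        bits=$(ls -ld "$dir/$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "LOOSE_PERMS $f"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Optional, needs openssl: server.crt must chain to ca.crt and carry the
# public key that belongs to server.key.
check_cert_and_key() {
    dir=$1
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null || return 1
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}
```

Source the file as root and call `audit_openvpn_dir /etc/openvpn/server`; a non-zero return means at least one finding was printed.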