Create sub-CAs for each purpose, and have each device only authenticate its own CA's stuff (by making that subCA the CAfile). The root is a convenience at that point to be able to authenticate the entire chain of anything produced by it.
-Kyle H On Wed, Jul 15, 2009 at 11:29 PM, stortoaranci<bid...@lucullo.it> wrote: > > Hi All, > > I just have a silly question on Openssl. > > I use a self-signed CA to sign several server/clients cert. > > For example I could use signed certs to implement an OpenVPN LAN and one > Wi-FI RADIUS auth for different clients. > > The question is: "how to be sure that a client allowed to use the wifi do > not use the same cert on the OpenVPN LAN"? > > In other words, how could I segratate clients using the same CA? > > thank you and sorry for my poor english. > > -- > View this message in context: > http://www.nabble.com/One-CA-for-many-clients-%28a-silly-question%29-tp24510806p24510806.html > Sent from the OpenSSL - User mailing list archive at Nabble.com. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org