Hi Johan on 21.01.2014 15:20, Johan Vermeulen wrote: > hello, > > no, I did not set this up. I cannot contact the person who did. > > Indeed, it would be better to start over from scratch. > Still, I would like to understand what went wrong. > > It do see in the Openvpn docs the advise to copy easy-rsa away from > /usr/local/openvpn so not to be > overwritten by updates. > So maybe that's what happened.
Consider the scripts that come with OpenVPN to be nothing but a crude template to give you an idea of what is needed for OpenVPN and other certificate based services. To find out what went wrong, you need to have some understanding of certificates and the openssl application and scripts. There are other tools that will allow you to create and maintain a CA depending on your requirements, one thing holds true however: The CA must not be on your production system nor on any other vulnerable system, best is a completely offline systems behind thick concrete walls. That said, I am using a portable version of XCA on a memory stick. cheers Erich
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users