On 18.08.23 21:22, Jason Long wrote:
1- In the round-robin mechanism, we can use the same keys for our servers, but each client uses its own key.
You *can* do that, yes. Since you apparently don't provide clients with a CRL or any other means to have server certs revoked, I guess it doesn't worsen your reaction time / options after a leaked server cert any *further*, anyway ...
2- So, the name that I entered in the "Common Name (eg: your user, host, or server name) [Easy-RSA CA]:" question, must be used in the "./easyrsa gen-req NAME nopass" and "./easyrsa sign-req server NAME" commands. Right?
NO. Reread what I wrote about the (hint: different) roles the certs generated by these two sets of commands have.
Kind regards,
--
Jochen Bern
Systems Engineer
Binect GmbH
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users