> On 18.08.23 21:22, Jason Long wrote: > 1- In the round-robin mechanism, we can use the same keys for our > servers, but each client uses its own key.
>You *can* do that, yes. >Since you apparently don't provide clients with a CRL or any other means >to have server certs revoked, I guess it doesn't worsen your reaction >time / options after a leaked server cert any *further*, anyway ... > 2- So, the name that I entered in the "Common Name (eg: your user, > host, or server name) [Easy-RSA CA]:" question, must be used in > the "./easyrsa gen-req NAME nopass" and "./easyrsa sign-req server > NAME" commands. Right? >NO. Reread what I wrote about the (hint: different) roles the certs >generated by these two sets of commands have. >Kind regards, >-- >Jochen Bern >Systemingenieur >Binect GmbH Hello, I have another questions: 1- I checked the "Subject" of the ca.crt file and my CN name is "Server". Now, I must change the "ccd" directory to "Server", but how about the file name under the "Server" directory? 2- Suppose you want to configure a server. Can you show me the names you enter for the commands below? # ./easyrsa build-ca nopass ... Common Name (eg: your user, host, or server name) [Easy-RSA CA]: "Your_Name" # ./easyrsa gen-req "Your_Name" nopass # ./easyrsa sign-req server "Your_Name" # ./easyrsa gen-req "Your_Name" nopass # ./easyrsa sign-req client "Your_Name" _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users