On 19.08.23 10:02, Bo Berglund wrote:
On Sat, 19 Aug 2023 07:03:01 +0000 (UTC), Jason Long via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:I have another questions: 1- I checked the "Subject" of the ca.crt file and my CN name is "Server". Now, I must change the "ccd" directory to "Server", but how about the file name under the "Server" directory?WHAT????? The ccd directory is defined in the server.conf file and could be named whatever you like. It has NOTHING whatever to do with the CommonName in any certificate or such!
To add to that, we're talking about the *CA* cert here (in spite of its CN reading "Server") and the CA isn't going to connect to the VPN server, so having a CCD¹ *whatever* to match its CN isn't going to do anything ever.
¹ That *does* still stand for "(Per-)*Client* Configurations Directory", right? :-3
2- Suppose you want to configure a server. Can you show me the names you enterfor the commands below?# ./easyrsa build-ca nopass ... Common Name (eg: your user, host, or server name) [Easy-RSA CA]: "Your_Name"
Binect Exasperation CA - A (When rotating CA certs, we "increment" the trailing letter.)
# ./easyrsa gen-req "Your_Name" nopass # ./easyrsa sign-req server "Your_Name"
exavpn.binect.de
# ./easyrsa gen-req "Your_Name" nopass # ./easyrsa sign-req client "Your_Name"
These create a *client* cert, which is unnecessary to "configure a *server*", strictly speaking.
Since you seem to plan to have a boatload of CCD files, which need to be named after the client certs' CN, I would probably revise my previous suggestion of "Jason Long's private cell phone" and go with something like "JasonLong_privCell" instead.
Not that it should be much news to you how *I* would name CA, server, and client certs, respectively, if you had read my previous posts ...
Kind regards, -- Jochen Bern Systemingenieur Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users