Hi,
On Mon, Jan 08, 2024 at 12:02:58PM +0000, Peter Davis via Openvpn-users wrote:
> 1- What tool do you use to generate server and client keys?
Something homegrown, based on easy-rsa
> 2- Assume that the keys have expired. Do I have to generate a new key again
> or can I renew the previous keys that I have copied in the server and client
> directory?
You can create a new certificate (.crt) for the same key (.key). Or you
can create a new key + new certificate.
The peer is interested in a valid certificate - and that is the thing with
the expiry date. The key *does not have* an expiry date, so it can not
expire.
> I still don't quite understand why I shouldn't delete the Easy-RSA directory
> after generating the keys!
If you throw away the easy-rsa directory, you remove your certificate
authority, and can never again create a client or server key+cert that will
be trusted by the existing setup. So, "no new clients" and "no new servers".
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
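The renewal described in the reply above, as an added example that is not part of the original message: a second certificate is issued for the same client key by the same CA, and a certificate signed by a recreated CA is rejected. It uses plain `openssl` rather than easy-rsa; the temp directory, file names and subject names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Throwaway CA in a temp dir; all names are constructed.
set -eu
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT

# SHA-256 of the public key held in a private key file / in a certificate.
key_pub_hash() { openssl pkey -in "$1" -pubout | openssl sha256 | awk '{print $NF}'; }
crt_pub_hash() { openssl x509 -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'; }

# make_ca <prefix>: self-signed CA, written to <prefix>.key and <prefix>.crt
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Demo CA" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# issue_cert <ca-prefix> <key> <out.crt> <days>: sign a certificate for an
# EXISTING key. This step needs the CA's private key.
issue_cert() {
    openssl req -new -key "$2" -subj "/CN=client1" -out "$W/req.csr"
    openssl x509 -req -in "$W/req.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days "$4" -out "$3" 2>/dev/null
}

# trusted <ca.crt> <cert>: succeeds only if the cert chains to that CA
trusted() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

make_ca "$W/ca"
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$W/client1.key" 2>/dev/null

issue_cert "$W/ca" "$W/client1.key" "$W/old.crt" 1      # about to expire
issue_cert "$W/ca" "$W/client1.key" "$W/new.crt" 365    # renewal, same key

openssl x509 -in "$W/old.crt" -noout -enddate
openssl x509 -in "$W/new.crt" -noout -enddate
echo "key:     $(key_pub_hash "$W/client1.key")"
echo "new.crt: $(crt_pub_hash "$W/new.crt")"
trusted "$W/ca.crt" "$W/new.crt" && echo "new.crt: trusted by the existing CA"

# CA directory deleted and recreated: same subject name, different CA key.
make_ca "$W/ca2"
issue_cert "$W/ca2" "$W/client1.key" "$W/other.crt" 365
trusted "$W/ca.crt" "$W/other.crt" || echo "other.crt: rejected by the existing CA"
```

Peers that hold the original `ca.crt` accept `new.crt` without any change on their side, while `other.crt` would require distributing the new CA certificate to every peer.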
