Hi, On Mon, Jan 15, 2024 at 06:25:38AM +0000, Peter Davis via Openvpn-users wrote: > Thanks again. > Should I run the following commands for each client? > > $ ./easyrsa gen-req <client name> nopass > $ ./easyrsa sign-req client <client name>
Sounds plausible (I'm not using current easy-rsa, but that's the normal
order of things - generate a client key+csr, sign the csr into a cert).
> If so, then the above commands will generate separate keys for each client,
> and each of those keys must be loaded into the configuration file!
I fail to understand that sentence. There is not "the configuration file",
as in "singular, one file". Each client has its own config file that goes
to the client computer - and yes, *this* config file needs to contain (or
reference) the key for *this* client.
The server config file ("singular") needs to know nothing about all these
client keys.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
