Hi André
André Pohl wrote:
> i´ve installed beta2 and it looks verry good (and supports our new hardware :-
great
> ) )except some bugs (for example, it's not possible to create X.509 or
> X.509+PSK accounts in OpenVPN), which avoids to test the system in live-state.
It has never been planned to introduce a CA for openvpn like with ipsec.
You need
to manage your certificates on a external CA, preferible on your
workstation with
software like tinyca2 or Windows Certification Authority and handle the
openvpn server
on the firewall like the clients, besides that you need to create a
server certificate
for it.
We will not include a CA, since a firewall is normally not the place
where you want
to have a CA.
The CA necessarily must contain also the private key of the root
certificate in order to
sign certificates, so if one manages it to steal that private key, the
complete PKI
is compromised and you need to revoke and replace all certificates of
each of your
clients.
With a CA on the administrator's workstation or a separate CA server
unless one gets
access to that machine, you simply have to revoke and replace only the
compromised
certificate and the rest of the PKI remains perfectly secure.
> Does anybody know, when a beta3 or a stable version will be released ?
beta3 will be released end of this week if all goes on cleanly.
peter
--
:: e n d i a n
:: open source - open minds
:: peter warasin
:: http://www.endian.com :: [EMAIL PROTECTED]
begin:vcard
fn:Peter Warasin
n:;Peter Warasin
org:Endian GmbH/Srl
adr:;;Pillhof 47;Frangart/Frangarto;BZ;I-39010;Italien/Italia
email;internet:[EMAIL PROTECTED]
tel;work:+39 0471 631763
tel;fax:+39 0471 631764
x-mozilla-html:FALSE
url:http://www.endian.com
version:2.1
end:vcard
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
