Sorry, I'm in meeting mode at the moment. Just time to fire in a quick comment here...

> George's is not known - but the best guess is that he may be using
> another external key loader (such as pkcs11, or maybe an android/ios
> client.

Nope. Just the following:

# TLS parameters
dh /etc/openvpn/dh1024.pem
tls-server
ca /etc/openvpn/EdUniRootCA.crt
cert /etc/openvpn/openvpn.crt+chain
extra-certs /etc/openvpn/openvpn.chain
key /etc/openvpn/openvpn.key
tls-verify /usr/lib/openvpn/dice-kx509-verify
tls-auth /etc/openvpn/tls.auth

SL6.something Linux on both ends, on a Dell server and a Dell laptop.

On our server side the certificate chain goes:
University CA -> School CA -> service-signing CA -> service cert.
The first two of these are kept off-line.

On the client side it goes:
University CA -> School CA -> KCA -> kx509-cert.

I wonder if that's just longer than most people use?

-- 
George D M Ross MSc PhD CEng MBCS CITP, University of Edinburgh,
School of Informatics, 10 Crichton Street, Edinburgh, Scotland, EH8 9AB
Mail: g...@inf.ed.ac.uk Voice: 0131 650 5147 Fax: 0131 650 6899
PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.