On 26/07/15 22:11, fm_vpnl...@xemaps.com wrote: > When doing the build-ca, build-key, etc, you are asked to input the values of > the following (even if defined in vars.bat, you have to confirm). My > question is, considering server and clients, which of the parameters > -must be the same? > -may be the same? > -must be different? > -may be different? > > set KEY_COUNTRY= > set KEY_PROVINCE= > set KEY_CITY= > set KEY_ORG= > set KEY_EMAIL= > set KEY_CN= > set KEY_NAME= > set KEY_OU=
All of these can be whatever you like. That is just strings which is presented in logs. The authentication happens on a cryptographic level, where the signature in a certificate must be valid when checked against a locally stored public CA key - which is the --ca certificate. > set PKCS11_MODULE_PATH= > set PKCS11_PIN= These are only valid/important if you use PKCS#11 tokens or smart cards, and must then be set to the proper drivers for the PKCS#11 technology of your choice. -- kind regards, David Sommerseth ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users