Hoi Hans,
On 26/04/19 17:08, j.witvl...@mindef.nl wrote:
Hi all,
With the “ca” parameter, you should provide the full trust-chain of
the ca’s and sub0ca that signed the used certificate.
And, as far as I can remember, you can concatenate multiple
(pem-formatted) chains into one file.
correct , at least for the openssl-linked version of OpenVPN
Is there a limit on the length, or on the number of certificates, or
on the number of trust-chains ?
not really, AFAIK. I'd have to look through the OpenSSL source code to
see if there is an actual limit
I currently have 22 CA-certificates yielding a file of 46K. Is that
too much ??
46 K should be fine. However, you can try to reduce it by only including
the BEGIN CERTIFICATE/END CERTIFICATE blobs, the rest is fluff. Most
certificate blobs are about 1.5 KB in size, so you might be able to
reduce it to about 33 KB
HTH / groetjes,
JJK
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
