Hi,

On Tue, Apr 06, 2021 at 04:39:06PM +0000, tincantech via Openvpn-users wrote:
> can somebody please explain why --tls-verify is run for the server
> certificate?
> EG: certificate_depth=1
> 
> I cannot find a reason to drop a remote client based on the server 
> certificate.
> 
> Calling --tls-verify to verify my server certificate seems to be a waste of
> server resources and connection setup time.

That shouldn't be the server certificate.  Depending on your CA setup
it's either the (root) CA or an intermediate CA cert.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
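
The depth distinction discussed in this thread, as an added example that is not part of the original messages or of OpenVPN itself: a `--tls-verify` hook that treats depth 0 (the peer's own certificate) differently from depth 1 (its issuing CA). OpenVPN calls the hook once per chain certificate as `cmd certificate_depth subject`; the CA name, the client names and the `C=.., O=.., CN=..` subject layout used here are constructed assumptions.

```shell
#!/bin/sh
# Example --tls-verify hook (added illustration; all names are constructed).
# Exit status 0 accepts the certificate at this depth, non-zero rejects it.

EXPECTED_ISSUER_CN="Example Issuing CA"   # assumed name of the CA that signs clients
ALLOWED_CLIENT_CNS="client1 client2"      # assumed allowlist of peer CNs

# Pull the CN out of a subject such as "C=DE, O=Example, CN=client1".
extract_cn() {
    printf '%s\n' "$1" | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

verify_cert() {
    depth=$1
    subject=$2

    # Reject anything that is not a plain non-negative integer depth.
    case "$depth" in
        ''|*[!0-9]*) return 1 ;;
    esac

    cn=$(extract_cn "$subject")

    if [ "$depth" -ge 2 ]; then
        # Higher up the chain: rely on OpenVPN's own validation against --ca.
        return 0
    elif [ "$depth" -eq 1 ]; then
        # Depth 1 is the CA that issued the peer certificate, not our own
        # certificate. Pin it so only peers from this issuer are accepted.
        [ "$cn" = "$EXPECTED_ISSUER_CN" ] && return 0
        return 1
    fi

    # Depth 0 is the remote peer's end-entity certificate.
    for allowed in $ALLOWED_CLIENT_CNS; do
        [ "$cn" = "$allowed" ] && return 0
    done
    return 1
}

# When OpenVPN invokes the script it passes depth and subject as arguments.
if [ "$#" -ge 2 ]; then
    verify_cert "$1" "$2"
    exit $?
fi
```
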
