On Wed, Jan 3, 2024 at 11:24 AM Gert Doering <g...@greenie.muc.de> wrote: > > Ideally, you wouldn't create the keys "on the server" anyway - in a > secure world, the CA key never leaves a *secure* machine for key generation, > and you'd create server key(s) and client keys on this machine, copying > to the target machines as are needed.
I'd argue that in the *idealest* world, the server and client keys are created on the server and client, and csr's and certificates get copied to and from a secure CA. But that's pure nitpicking, and your point absolutely stands. -Joe _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
