>On Tuesday, January 9th, 2024 at 2:40 PM, Antonio Quartulli <a...@unstable.cc> >wrote:
> Hi, > > On 09/01/2024 08:18, Peter Davis via Openvpn-users wrote: > > > Hi, > > So if I want to revoke the keys in the future and prevent clients from > > connecting to the server, then I need the Easy-RSA directory that I used to > > generate the keys at that time. is it true? > > > Correct. More specifically, you need the CA key in order to sign your > CRL (Certificate Revocation List). > > The CA is the trusted entity that is in charge of signing "documents" > that others need to accept. IF you delete it, you have no way of > creating new "documents". > > Cheers, > > > > -- > Antonio Quartulli Hi, In the Easy-RSA directory I have the following files and directories: easyrsa openssl-easyrsa.cnf pki ta.key vars x509-types Is it enough to keep the pki directory? _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
