Hi, On Tue, Jan 16, 2024 at 05:02:59PM +0000, Peter Davis via Openvpn-users wrote: > I have generated server keys and I have two questions for generating client > keys: > 1- I used the following two commands to generate keys for clients: > > # ./easyrsa gen-req <client name> nopass > # ./easyrsa sign-req client <client name> > > In the first command, I see the following message: > > Common Name (eg: your user, host or server name) [client name]: > > I just hit the enter key and the key was generated. I repeated the same thing > for the second client and just changed the name of the client. > Now, two clients should be able to connect to the OpenVPN server > simultaneously. Am I right?
Yes.
> 2- Are ca.key and ta.key the same for all clients?
ca.key must never leave the signing machine.
ca.*crt* is the same for all clients.
ta.key is for --tls-auth, and by definition, needs to be the same for
all clients.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
