On 17.06.24 23:29, Mika Laitio wrote:
But what information I will need from the server side to generate the keys. Unless there are restrictions in algorithm used or key length?
(FWIW, the server admin asking for your "credentials" isn't quite enough to convince me that he is in fact thinking of X.509 certs based auth, rather than a shared secret (what OpenVPN calls "static key") or the --auth-user-pass option ...)
Even though you can stuff most of the details a cert can carry into your CSR, a CA signing your CSR doesn't need to copy *anything* other than your public key into the cert it creates. (In particular, he SHOULD NOT let you choose the CN for the cert, as he is supposed to ascertain that it's unique.) Assume that if he were *not* planning to override *every* detail he can, he would have suggested which params and values you should ponder for longer than it takes you to reach for your random generator.
On Mon, Jun 17, 2024 at 1:47 PM Antonio Quartulli <a...@unstable.cc<mailto:a...@unstable.cc>> wrote:On 17/06/2024 22:33, Mika Laitio wrote:So I would need to be connected to an openvpn server not hosted by me and the owner of the server asked me to send my credentials for the server key. At the moment I do not know the name of the server, ca-files of it or anything. I believe that once I send my public key, he can then generate the configuration file for me that I can use to connect to the server. (.opni)There are two ways to achieve this: 1) the admin generates the certificate/private key pair for you and send it over along with the config 2) you generate the public/private key pair and then you create a CSR(Certificate Signature Request) which you send over to the admin.IMHO your admin is asking to follow 2). Thus he wants you to create your key pair and a CSR, so that he can then create the certificate for you.
Kind regards, -- Jochen Bern Systemingenieur Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
