-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 First, thank you David, for your help.
Also, see below for how Easy-RSA can help, however you choose to deploy your VPN. For OpenVPN peer-fingerprint mode: Please note, Easy-RSA 3.2.2 also has commands: `self-sign-server` and `self-sign-client` These will build a server or client cert/key pair that is not signed by a CA key and can be used in OpenVPN peer-fingerprint mode. Easy-RSA also writes the certificate fingerprint to the inline file. For OpenVPN normal CA mode: And finally, Easy-RSA (On Linux) writes the decimal value of the certificate serial number to the inline file. That decimal can be used for the OpenVPN option --crl-verify, when using the 'dir' flag. The OpenVPN manual says: If the optional dir flag is specified, enable a different mode where the crl-verify is pointed at a directory containing files named as revoked serial numbers (the files may be empty, the contents are never read). If a client requests a connection, where the client certificate serial number (decimal string) is the name of a file present in the directory, it will be rejected. Regards -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsC5BAEBCgBtBYJn6KW0CZBPl5z2a5C4nUUUAAAAAAAcACBzYWx0QG5vdGF0 aW9ucy5vcGVucGdwanMub3JnO2OFWmq/UXA95Ff0LBgQaewIqrR41Rrbxkjn rwYXCegWIQQJvD1EZ6ONcnnFVVVPl5z2a5C4nQAAGqgIAMPDsAnSYpqyiZpQ 9V+KFb6GttpyL8EMxm+JncePmvV7Epn9gYWnK5lv9RDbWlYMgHe20NysZHee rG7TQTPqq7iY2yv/6Hf0GG5P5DLSN3eSTg5ryG+aD0x9d8YdVAKtlj8dxBgV efZflcbPOmPrxHkPrrftiTs84T8RruqkNiaE95vlw9Usp/pr7AfZ7Emq9fjp QRHdHOnZgunJyswfdFll7jCpvaAY7TYimX1vBW/hDmYktvGBfS+eayIjkk1H AAxz2z/WJMVpf6gzxDO9Cys3HXgpuAQ2mM6DRYikQo36Mw3F1gwpnK5YWu/A ZUuuNGt4maanRRivwNzQ2BHVYzk= =ILyL -----END PGP SIGNATURE-----
publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys
publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users