First, thank you David, for your help.

Also, see below for how Easy-RSA can help, however you choose to
deploy your VPN.


For OpenVPN peer-fingerprint mode:

Please note, Easy-RSA 3.2.2 also has commands:
`self-sign-server` and `self-sign-client`

These will build a server or client cert/key pair that is not signed
by a CA key and can be used in OpenVPN peer-fingerprint mode.

Easy-RSA also writes the certificate fingerprint to the inline file.


For OpenVPN normal CA mode:

And finally, Easy-RSA (on Linux) writes the decimal value of the
certificate serial number to the inline file.  That decimal can be
used for the OpenVPN option --crl-verify, when using the 'dir' flag.

The OpenVPN manual says:
If the optional dir flag is specified, enable a different mode where
the crl-verify is pointed at a directory containing files named as
revoked serial numbers (the files may be empty, the contents are never read).
If a client requests a connection, where the client certificate serial number
(decimal string) is the name of a file present in the directory, it will be
rejected.


Regards


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
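
An added example, not part of the original message and not Easy-RSA or OpenVPN code: a small Python helper for the --crl-verify 'dir' mode described above. It turns the hex serial printed by `openssl x509 -noout -serial` into the decimal file name and creates the empty marker file. The directory name, the function names and the sample serials are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path


def serial_to_decimal(serial: str) -> str:
    """Hex serial ('serial=0A:1B', '0a1b', ...) -> decimal string used as the file name."""
    s = serial.strip()
    if s.lower().startswith("serial="):
        s = s[len("serial="):]
    s = s.replace(":", "").replace(" ", "")
    if not re.fullmatch(r"[0-9A-Fa-f]+", s):
        raise ValueError(f"not a hex serial: {serial!r}")
    # Python integers are arbitrary precision, so serials wider than
    # 64 bits convert without overflow or loss of digits.
    return str(int(s, 16))


def revoke(crl_dir: Path, serial: str) -> Path:
    """Create the empty marker file; per the manual its contents are never read."""
    crl_dir.mkdir(parents=True, exist_ok=True)
    marker = crl_dir / serial_to_decimal(serial)
    marker.touch(mode=0o644)
    return marker


def is_revoked(crl_dir: Path, serial: str) -> bool:
    """Model of the lookup the manual describes: does a file with that name exist?"""
    return (crl_dir / serial_to_decimal(serial)).is_file()


def demo() -> dict:
    revoked = "serial=010000000000000000"  # constructed sample, equals 2**64
    other = "serial=0A:1B:2C"              # constructed sample, not revoked
    with tempfile.TemporaryDirectory() as tmp:
        crl_dir = Path(tmp) / "revoked"    # hypothetical directory for 'crl-verify <dir> dir'
        marker = revoke(crl_dir, revoked)
        return {
            "marker_name": marker.name,
            "marker_size": marker.stat().st_size,
            "revoked_hit": is_revoked(crl_dir, revoked),
            "other_hit": is_revoked(crl_dir, other),
        }


if __name__ == "__main__":
    print(demo())
```

With Easy-RSA on Linux the conversion step is not needed, since the decimal serial is already in the inline file.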
