Hi, Martin Bartosch ([email protected]) [09.10.21 11:14] wrote:
> OpenVPN uses TLS, so I'd suggest to use a TLS Server certificate on > the server side. do you mean OpenVPN config file option tls-server ? > Set the server DNS name as SubjectAlternativeName to > make hostname verification happy. again ... the SubjectAlternativeName option of what, sorry? > For the clients I would suggest to issue TLS Client certificates. > Should work without problems. hope much it is :) look, here is all needed for OpenVPN key management: http://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html in config i need: ca generated CA cert server's local certificate file key server's local key file dh generated Diffle-Hellman key so, in OpenXPKI i rise CSR for OpenVPN ca and approving it with root company CA, correct? than, dh i generate locally at OpenVPN side but, how will i issue certificates for clients? i'll need them to sign with ca ... can i do that in OpenXPKI? -- Zeus V. Panchenko GMT+2 (EET) ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
