Hi, >> OpenVPN uses TLS, so I'd suggest to use a TLS Server certificate on >> the server side. > > do you mean OpenVPN config file option tls-server ?
I read that OpenVPN can operate in TLS mode, but I have no idea how this is configured. >> Set the server DNS name as SubjectAlternativeName to >> make hostname verification happy. > > again ... the SubjectAlternativeName option of what, sorry? In the certificate (set by the CA). > look, here is all needed for OpenVPN key management: > http://openvpn.net/index.php/open-source/documentation/ > miscellaneous/77-rsa-key-management.html This essentially describes how to set up your own CA with some command line tools and scripts. Either you do this or you use OpenXPKI. Both at once does not make much sense... > but, how will i issue certificates for clients? i'll need them to > sign with ca ... > can i do that in OpenXPKI? Sure, that's what OpenXPKI is for :) cheers Martin ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
