|
|
Hello, We successfully installed an openvpn server and a couple of openvpn clients. We are using private keys for authentication. I read the following in OpenVPN docs [1]: "Shouldn't it be possible to set up the PKI without a pre-existing secure channel? The answer is ostensibly yes. In the example above, for the sake of brevity, we generated all private keys in the same place. With a bit more effort, we could have done this differently. For example, instead of generating the client certificate and keys on the server, we could have had the client generate its own private key locally, and then submit a Certificate Signing Request (CSR) to the key-signing machine. In turn, the key-signing machine could have processed the CSR and returned a signed certificate to the client. This could have been done without ever requiring that a secret .key file leave the hard drive of the machine on which it was generated." Could you please advise me how to set up such a machine and where I can find software for a key-signing server? Thank you very much in advance. Regards Ivan [1] http://openvpn.net/howto.html#pki -- Tangra Mega Rock: http://www.radiotangra.com ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-09/msg00084.html on line 204 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-09/msg00084.html on line 204 |