Currently I have a "flat" PKI: one root CA issues the certs for both OpenVPN clients and for my EAP-TLS WPA2-Enterprise WiFi clients. No surprise that either certificate works in either service: a WiFi client can authenticate to the OpenVPN server and vice versa. I'd like to avoid this.

I think of implementing the hierarchy into the PKI: one root CA would create some second-level RAs that would issue their certs specifically either for WiFi or OpenVPN. I aim to achieve an "isolation" between OpenVPN and WiFi certificate owners.

The question is: what should I change in the "easy RSA" scripts and the server|client configuration to achieve this?

Tony.

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users