Currently I have a "flat" PKI: one root CA issues the certs for both OpenVPN clients and for my EAP-TLS WPA2-Enterprise WiFi clients. No surprise that either certificate works in either service: a WiFi client can authenticate to the OpenVPN server and vice versa. I'd like to avoid this.

I think of implementing the hierarchy into the PKI: one root CA would create some second-level RAs that would issue their certs specifically either for WiFi or OpenVPN. I aim to achieve an "isolation" between OpenVPN and WiFi certificate owners.

The question is: what should I change in the "easy RSA" scripts and the server|client configuration to achieve this?

Tony.

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users