[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] How to allow client to send cert request?


  • Subject: Re: [Openvpn-users] How to allow client to send cert request?
  • From: Marco Fretz <mailinglist@xxxxxxx>
  • Date: Mon, 17 Sep 2007 15:56:18 +0200

Matthew Wilson wrote:
> On Fri Sep 14 15:14:18 2007, Marco Fretz wrote:
>  
>> hi
>>
>> yes they can use easy-rsa to create ther key and a crs (certification 
>> sign request) on their own host. then they send u this csr (possible 
>> over insecure line) and u sing this key with ur CA (with easy-rsa). 
>> after this u send them the ca and the signed cert file back (possible 
>> over a insecure line, too).
>>
>> rember, only keys have to be keept private. csr, ca.cert, etc. have 
>> not to be private. (correct me if im wrong pls!)
>>
>> and thanks to openvpn =), easy-rsa is available in the windows and 
>> the linux package / installer....
>>
>> kind regards
>> marco
>>     
>
> How do I use easy-rsa to do the certification sign request?
>
> Thanks for the help!
>
> Matt
>
>   
read the how-to's on openvpn.net =)
http://openvpn.net/easyrsa.html

especially section "BUILD A CERTIFICATE SIGNING REQUEST" and "SIGN A 
CERTIFICATE SIGNING REQUEST", but of corse u need the steps before, too...

u need to build the CSR on the client and u sign the CSR on the server 
(where u have the CA.key and cert)

marco










____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users