[Openvpn-users] Re: Automating client setup

  • Subject: [Openvpn-users] Re: Automating client setup
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Sun, 27 Mar 2005 23:41:49 -0600

On Sun, 27 Mar 2005 02:55:15 +0000, Hypherion wrote:

> This sounds interesting, however I have a few more questions: - did you
> have to modify source code or anything else for the MyCert wizard except
> the .ini file?

Yes. I modified the source to prompt for different items (particularly,
username and hostname) and to construct the CN based on those items.

> - how will users download the installation package if it is on the
> intranet and they do not have VPN access yet?

Our intranet is available from the outside world via authenticated SSL.

> - have you looked into creating your own installation package so users
> would not have to download the additional zip file? (i.e. it will be
> integrated in the package)

Yup. It's part of the if-I-had-the-time set of items.

> - how do you actually check that the CSR comes from a trusted user?

The CN is in part constructed by their username on our system. We email
the signed certificate back to that username on our system (as opposed to
whatever personal email account it may have come from).
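
The check described in the last answer, sketched as an added example that is not part of the original post or of the MyCert wizard: the delivery address for the signed certificate is derived only from the username embedded in the CSR's CN, never from the sender of the request. The CN layout `<username>-<hostname>`, the directory contents, the mail domain and all function names are assumptions made for illustration.

```python
import re

# Constructed sample data (assumptions): internal mail domain and known accounts.
MAIL_DOMAIN = "corp.example"
DIRECTORY = {"jdoe", "asmith"}

# Assumed CN layout "<username>-<hostname>"; the post does not give the exact format.
# The username class excludes "-", "@" and "." so the split is unambiguous and the
# CN cannot smuggle in a full e-mail address or a second domain.
CN_RE = re.compile(r"(?P<user>[a-z][a-z0-9]{0,31})-(?P<host>[a-z0-9][a-z0-9-]{0,62})")


def cn_from_subject(subject: str) -> str:
    """Return the single CN from a one-line subject like '/C=US/O=Example/CN=jdoe-laptop1'."""
    cns = [part[3:] for part in subject.split("/") if part.startswith("CN=")]
    if len(cns) != 1:
        raise ValueError("subject must contain exactly one CN")
    return cns[0]


def delivery_address(subject: str, mail_from: str) -> str:
    """Decide where the signed certificate is mailed.

    mail_from (the address the CSR arrived from) is accepted only so that it can
    be logged by a caller; it never influences the result.
    """
    match = CN_RE.fullmatch(cn_from_subject(subject))
    if match is None:
        raise ValueError("CN does not follow the <username>-<hostname> layout")
    user = match.group("user")
    if user not in DIRECTORY:
        raise ValueError(f"unknown account in CN: {user!r}")
    return f"{user}@{MAIL_DOMAIN}"


if __name__ == "__main__":
    # Constructed request: CSR for jdoe, mailed from an outside personal account.
    print(delivery_address("/C=US/O=Example/CN=jdoe-laptop1", "someone@freemail.example"))
```

A requester who does not control the named internal mailbox never receives the signed certificate, whatever address the CSR was sent from.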

