[Openvpn-users] new certificates and dh1024.pem file


  • Subject: [Openvpn-users] new certificates and dh1024.pem file
  • From: "Bonno Bloksma" <b.bloksma@xxxxxx>
  • Date: Thu, 26 Jul 2007 16:22:41 +0200

Hi,
 
A while ago I created several certificates with easy-rsa. At the time I even created two server certificates when I thought I was going to create a network with redundant hubs. The second hub (ein) was never launched but I have a problem getting that site up in the air as a client.
From the log:

----------<quote>--------------------
.....
Jul 26 15:17:55 linein openvpn[3506]: VERIFY OK: depth=0, /C=NL/ST=NB/O=OpenVPN-TIO/CN=lola/emailAddress=postmaster@xxxxxx
Jul 26 15:18:55 linein openvpn[3506]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jul 26 15:18:55 linein openvpn[3506]: TLS Error: TLS handshake failed
Jul 26 15:18:55 linein openvpn[3506]: TCP/UDP: Closing socket
Jul 26 15:18:55 linein openvpn[3506]: SIGUSR1[soft,tls-error] received, process restarting
.....
----------<quote>--------------------
Is this indeed a network error or is something else going on?
 
Also, I need a few extra certificates for some new sites.
 
The HOWTO is great for first-time use, but it could use a little extra info on which commands to use when needing extra certificates.
 
According to the HOWTO I first need to create the server(s) certificate, then the clients. After that I need to create a Diffie Hellman file.
 
Can I simply create extra client certificates using:
. vars
./build-key client-next1
./build-key client-next2
./build-key client-next3
etc.
Ready?
 
Do I need to do anything with the dh1024.pem file?
Or any of the other *.pem files?
Can I use the same CN for the "ein" site as before, making sure the previous certificate is never used?
I control ALL *.key and *.crt files, nothing is at a place where I cannot access it. I can simply delete all instances of the old ein.* files.
 
What are the xx.pem files for?

Kind regards,
Bonno Bloksma
Head of systems administration

tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
b.bloksma@xxxxxx  / www.tio.nl