[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] distributing keys


  • Subject: Re: [Openvpn-users] distributing keys
  • From: "Dave" <dev@xxxxxxxxxxxxxx>
  • Date: Mon, 13 Aug 2007 19:54:19 -0500
  • Importance: Normal

...
> 
> You can sign that csr with openssl on the command line.  I 
> cannot recall the command offhand, but I think it goes something like:
> 
> openssl x509 -CA (file) -CAkey (key) -req (csr filename)
> 
> But you'll definitely want to look up the correct syntax on the web.
...

I misspoke, the command to sign CSRs is more in the for of:

openssl ca -cert ca.crt -keyfile ca.key -days 3650 -in something.csr -out
something.crt

With a myriad of other options that have relevance.  (I should probably
amend my reply to your email before the wrath of god cometh down upon my
head for misspeaking).

Also I see that there is a script in easy-rsa

sign-req

That looks like it can sign CSRs created outside of the easy-rsa build-key
things.

-Dave

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users