Hi,
I have one installed and working openvpn server that I want to duplicate keys from, and copy them to another server. I would like to avoid generating sets of certificates specially because I reinstall often the servers from scratch.
I'm wondering if I can just take the ca.crt, dh2048.pem, ca.key and server.conf, backup them somewhere and copy them to the new server or to the new installation.
Is that sufficient ?
What should I do with my "<users>.pem" files ? How can I manage certificate revocation to unauthorize people after that ? Should I take all the key,crt, csr, pem files ?
Is there a kind of openvpn database somewhere ?
and as a general question, are the client certificate need to be maintained on the server for the client to connect the server ? if yes, where ?
Thanks for your replieS.
Franck
OpenVPN "database" and certificates duplication
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
netclic
- OpenVpn Newbie
- Posts: 1
- Joined: Sun Feb 21, 2016 11:42 am
-
Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: OpenVPN "database" and certificates duplication
If you use easyrsa then backup the entire directory tree where you created your PKI.
Specifically, you must copy your ca.key file.
Specifically, you must copy your ca.key file.