using the openvpn pki for other stuff


Post by greeg » Tue Oct 26, 2010 2:47 am


I was questioning myself about using the PKI of OpenVPN for other stuff, like my WiFi infra... You know, I don't want to handle several CAs or CRLs... Is it possible? I have never done it; the OpenVPN PKI is my first one :roll:



Re: using the openvpn pki for other stuff

Post by krzee » Tue Oct 26, 2010 11:44 pm

It should work, but may not...
PKI works based on your cert (public key) being signed by the CA's private key (the most secret piece of your PKI).
Then the other side can verify your cert was signed by the CA by using the CA cert.
Then you verify the other side's cert is signed by the CA's private key by checking against your CA cert.
Once you trust each other through this method, you can start communicating.

Optionally you can check for more information as well. For example, in OpenVPN, best practice is to specially sign the server cert as a server, then have clients make sure it was signed that way, in order to stop man-in-the-middle attacks.

If your other software that requires a PKI needs something extra in the PKI, you may want to use their tool to make your config, and it should work for OpenVPN.
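The checks described in this reply, as an added example that is not part of the thread or of OpenVPN's own tooling: one CA signs a server cert and a client cert, both verify against the CA cert, and only the one signed as a server passes the purpose check. It assumes the `openssl` command-line tool is installed; Demo-CA, vpn-server and wifi-client are constructed names.

```shell
# Added example: throwaway PKI in a temp dir; every name here is constructed.
set -eu
PKI_DIR=$(mktemp -d)
trap 'rm -rf "$PKI_DIR"' EXIT

# Minimal config so the result does not depend on the system openssl.cnf.
cat > "$PKI_DIR/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo-CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# The CA: ca.key is the secret that signs, ca.crt is handed to every peer.
make_ca() {
    openssl req -x509 -config "$PKI_DIR/pki.cnf" -newkey rsa:2048 -nodes \
        -days 30 -keyout "$PKI_DIR/ca.key" -out "$PKI_DIR/ca.crt" 2>/dev/null
}

# issue NAME EKU: make a key and CSR, sign the CSR with the CA key, and
# record what the cert is for in its extendedKeyUsage extension.
issue() {
    openssl req -new -config "$PKI_DIR/pki.cnf" -subj "/CN=$1" -newkey rsa:2048 \
        -nodes -keyout "$PKI_DIR/$1.key" -out "$PKI_DIR/$1.csr" 2>/dev/null
    printf 'extendedKeyUsage = %s\n' "$2" > "$PKI_DIR/$1.ext"
    openssl x509 -req -in "$PKI_DIR/$1.csr" -days 30 -CA "$PKI_DIR/ca.crt" \
        -CAkey "$PKI_DIR/ca.key" -CAcreateserial -extfile "$PKI_DIR/$1.ext" \
        -out "$PKI_DIR/$1.crt" 2>/dev/null
}

# Signature check only: was this certificate signed by our CA?
signed_by_ca() {
    openssl verify -CAfile "$PKI_DIR/ca.crt" "$PKI_DIR/$1.crt" >/dev/null 2>&1
}
# Signature check plus purpose: was it signed as a server?
is_server_cert() {
    openssl verify -purpose sslserver -CAfile "$PKI_DIR/ca.crt" "$PKI_DIR/$1.crt" >/dev/null 2>&1
}

make_ca
issue vpn-server serverAuth
issue wifi-client clientAuth
for c in vpn-server wifi-client; do
    signed_by_ca "$c" && echo "$c: signed by CA"
    is_server_cert "$c" && echo "$c: accepted as server" || echo "$c: rejected as server"
done
```

With one CA shared between the VPN and other services, every cert it issues passes the plain signature check, so the purpose check is what keeps a client cert from standing in for the server.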
