i'm using openvpn for quite a long time now with absolutely no problems.
I have set up a pki with easy-rsa and signed certificates for a few clients, my openvpn server and an apache webserver.
I used this constellation to authenticate clients on both of the servers.
now my needs have changed a bit and i want to set up a somehow "deeper" strukture for my pki.
But my problem is that i dont know how to do this with easy-rsa.
I have found the inherit-inter (https://community.openvpn.net/openvpn/b ... erit-inter) script shipped with easy-rsa but i dont know how this works.
here is a small diagram how i want the setup to look like.
Code: Select all
root-CA + sub-CA 1 + SSL server certificate + SSL client certificate(s) + sub-CA 2 + SSL server certificate + SSL client certificate(s) + sub-CA n ...
thanks in advance for any reply.