Seperate Certificate Issuer machine and OpenVPN server

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
BETELGEUSE58
OpenVpn Newbie
Posts: 2
Joined: Fri Apr 08, 2011 2:25 am

Seperate Certificate Issuer machine and OpenVPN server

Post by BETELGEUSE58 » Fri Apr 08, 2011 2:30 am

Hi

I have a local machine used for generating new client keys and certificates.

I have a remote server running as the server for connecting to.

Question is, when I generate a new client files (locally) what do I need to copy to the server (remote machine I want new client to connect to) for it to recognise them as a genuine client?

Is all I need the CA.crt file placed on the server for it to recognise new client? Or are there other files that will need to be copied to the server also?

Thank you

User avatar
maikcat
Forum Team
Posts: 4202
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: Seperate Certificate Issuer machine and OpenVPN server

Post by maikcat » Fri Apr 08, 2011 6:58 am

hi there,

i always leave on server only
ca.crt
server.crt
server.key
ta.key
dh1024.pem

nothing more...

if you keep all the key files (+vars etc) in one pc yes you can generate keys that work...
also keep index.txt and serial files..

ps:NEVER leave ca.key on server

Michael
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"

Post Reply