easy-rsa pki
Posted: Mon Dec 05, 2011 12:26 pm
Hello everyone,
i'm using openvpn for quite a long time now with absolutely no problems.
I have set up a pki with easy-rsa and signed certificates for a few clients, my openvpn server and an apache webserver.
I used this constellation to authenticate clients on both of the servers.
now my needs have changed a bit and i want to set up a somehow "deeper" strukture for my pki.
But my problem is that i dont know how to do this with easy-rsa.
I have found the inherit-inter (https://community.openvpn.net/openvpn/b ... erit-inter) script shipped with easy-rsa but i dont know how this works.
here is a small diagram how i want the setup to look like.
can someone help me to archive this with easy-rsa? or do i need to use openssl by hand?
thanks in advance for any reply.
i'm using openvpn for quite a long time now with absolutely no problems.
I have set up a pki with easy-rsa and signed certificates for a few clients, my openvpn server and an apache webserver.
I used this constellation to authenticate clients on both of the servers.
now my needs have changed a bit and i want to set up a somehow "deeper" strukture for my pki.
But my problem is that i dont know how to do this with easy-rsa.
I have found the inherit-inter (https://community.openvpn.net/openvpn/b ... erit-inter) script shipped with easy-rsa but i dont know how this works.
here is a small diagram how i want the setup to look like.
Code: Select all
root-CA
+ sub-CA 1
+ SSL server certificate
+ SSL client certificate(s)
+ sub-CA 2
+ SSL server certificate
+ SSL client certificate(s)
+ sub-CA n
...
thanks in advance for any reply.
