i'm using openvpn for quite a long time now with absolutely no problems.
I have set up a pki with easy-rsa and signed certificates for a few clients, my openvpn server and an apache webserver.
I used this constellation to authenticate clients on both of the servers.
now my needs have changed a bit and i want to set up a somehow "deeper" strukture for my pki.
But my problem is that i dont know how to do this with easy-rsa.
I have found the inherit-inter (https://community.openvpn.net/openvpn/b ... erit-inter) script shipped with easy-rsa but i dont know how this works.
here is a small diagram how i want the setup to look like.
Code: Select all
root-CA
+ sub-CA 1
+ SSL server certificate
+ SSL client certificate(s)
+ sub-CA 2
+ SSL server certificate
+ SSL client certificate(s)
+ sub-CA n
...
thanks in advance for any reply.