On Thu, 17 Mar 2016, Steve L wrote:
> For anyone else with further clarification:
>
> Server Side:
> - ca.crt = The latest LotW Root CA cert
>   certs\root*, you need to break them apart and select the latest one

Actually, to support clients with certificates which have been signed by
one of the older certs, you should supply all of those LotW certificates
in ca.crt. Yes, you can have them all in there, concatenated, OpenVPN
will support that.

> - server.crt* = Your personal LotW cert concatenated with the
>   intermediate that signed it.

I don't think that will work. Your personal LotW cert does not contain
"key usage" parameters that would allow it to be used as a server
certificate, so the openvpn client probably will reject it. (If it
doesn't, it is misconfigured.)

You should set up a private CA and have it issue a server certificate to
be used for the server cert, and the client should use that private CA's
certificate as the "ca cert".

> certs\user* + certs\authorities*
> - server.key = The private key associated with your personal cert
>   keys\YOURCALL*
>
> *References are to the Windows TQSL program:
> C:\Documents and Settings\your-username\Application Data\TrustedQSL\
- Hessu
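
Added example (not part of the original message): a shell script for the private-CA approach suggested above, using `openssl verify -purpose sslserver` to show that a certificate issued without server usage is rejected while a proper server certificate is accepted. The names demo-ca, vpn.example.net and N0CALL are constructed, and the clientAuth-only certificate is a stand-in, not an actual LotW certificate.

```shell
#!/bin/sh
# Added example: private CA issuing a server cert, checked for server usage.
# All names (demo-ca, vpn.example.net, N0CALL) are constructed placeholders.
set -eu

# make_ca DIR: create a throwaway private CA (ca.key / ca.crt) in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue DIR NAME EKU: have the CA sign NAME.crt with the given extended key usage.
issue() {
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=%s\n' \
        "$3" > "$1/$2.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# usable_as_server DIR NAME: exit 0 only if NAME.crt chains to ca.crt
# AND its usage extensions permit use as a TLS server certificate.
usable_as_server() {
    openssl verify -purpose sslserver -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    make_ca "$d"
    issue "$d" vpn.example.net serverAuth   # certificate meant for the VPN server
    issue "$d" N0CALL clientAuth            # stand-in for a user-only certificate
    for c in vpn.example.net N0CALL; do
        if usable_as_server "$d" "$c"; then
            echo "$c: accepted as server cert"
        else
            echo "$c: rejected as server cert"
        fi
    done
    rm -rf "$d"
}
demo
```

On an OpenVPN client, the `remote-cert-tls server` option enforces a comparable usage check on the certificate the server presents.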