While I appreciate the responses from everyone, no one is really
explaining this in a nice step by step manner that I need. I suspect
its because everyone is trying to help me learn it rather than give me
the answer. The problem is the terminology compounded by extraneous
info.
________________________________
If you want to use LotW keys, you CAN NOT generaty any
keys.
Let me motivate:
Well its not working. I am real close to throwing in the towel and
moving on to a different project.
- LotW has a CA certificate, and its private key.
- using those, it generates some intermediate certificates, public and
private keys.
- using those intermediate certificates, it generates the public and
private keys for the user which are sent to him.
I understand all this.
To generate user keys, you NEED the private keys of the
intermediate
certificates, which you do not have. These are needed to sign the newly
generated keys.
I think of this as two parts, client and server. Maybe thats the
wrong way to look at it, but either way user keys equates to me as
client keys, which has already been documented in a simple manner.
I don't need the private keys because A.) I am not asking about the
user/client end of this.
These are the related files in my server,conf file. I am asking
where/how do I get these so that my openvpn server can be accessed by
clients using the method documented in the wiki:
http://wiki.ampr.org/wiki/AMPRNet_VPN
ca.crt server + all clients Root CA certificate
ca.key key signing machine only Root CA key
dh{n}.pem server only Diffie Hellman parameters
server.crt server only Server Certificate
server.key server only Server Key