While I appreciate the responses from everyone, no one is really explaining this in the nice step-by-step manner that I need. I suspect it's because everyone is trying to help me learn it rather than give me the answer. The problem is the terminology compounded by extraneous info.
If you want to use LotW keys, you CAN NOT generate any keys.
Let me motivate:
Well, it's not working. I am real close to throwing in the towel and moving on to a different project.
- LotW has a CA certificate, and its private key.
- using those, it generates some intermediate certificates, public and private keys.
- using those intermediate certificates, it generates the public and private keys for the user which are sent to him.
I understand all this.
To generate user keys, you NEED the private keys of the intermediate certificates, which you do not have. These are needed to sign the newly generated keys.
I think of this as two parts, client and server. Maybe that's the wrong way to look at it, but either way user keys equates to me as client keys, which has already been documented in a simple manner.
I don't need the private keys because A.) I am not asking about the user/client end of this.
These are the related files in my server.conf file. I am asking where/how do I get these so that my openvpn server can be accessed by clients using the method documented in the wiki: http://wiki.ampr.org/wiki/AMPRNet_VPN

ca.crt      server + all clients      Root CA certificate
ca.key      key signing machine only  Root CA key
dh{n}.pem   server only               Diffie Hellman parameters
server.crt  server only               Server Certificate
server.key  server only               Server Key
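
The three-level hierarchy from the quoted list above, as an added example (not part of the original message and not LotW's own tooling): a throwaway root, intermediate and user certificate built with the `openssl` CLI. All names and file paths are constructed. It shows that a user certificate signed with the intermediate's private key verifies against the root, while the same request signed with the user's own key does not.

```shell
#!/bin/sh
# Added example: throwaway chain root -> intermediate -> user.
# Every subject name and file name here is constructed for illustration.

build_chain() {
    d=$1
    # Extension file that marks a certificate as a CA.
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"

    # 1. Root CA: key pair plus a certificate signed with its own key.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
        -extfile "$d/ca.ext" -days 1 -out "$d/root.crt" 2>/dev/null

    # 2. Intermediate CA: signed with the root's private key.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 1 -out "$d/int.crt" 2>/dev/null

    # 3. User certificate: signed with the intermediate's private key.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo User" \
        -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null
    openssl x509 -req -in "$d/user.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -CAcreateserial -days 1 -out "$d/user.crt" 2>/dev/null

    # 4. The same request signed with the user's own key instead.
    openssl x509 -req -in "$d/user.csr" -signkey "$d/user.key" \
        -days 1 -out "$d/selfmade.crt" 2>/dev/null
}

# Succeeds only if the named certificate chains up to the demo root.
verify_cert() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/int.crt" "$1/$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
build_chain "$demo_dir"
for c in user.crt selfmade.crt; do
    if verify_cert "$demo_dir" "$c"; then echo "$c: accepted"; else echo "$c: rejected"; fi
done
```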