On Thu, Mar 17, 2016 at 12:18 PM, Marius Petrescu <marius(a)yo2loj.ro> wrote:
> It is a long time since I played with OpenVPN, but to put it simply:
> The result should be to have the LotW intermediate certificates as CAs into
> your OpenVPN setup, and your LotW certificate as the server certificate,
> together with its private key.
> Any client with a LotW certificate connecting to your server would be
> validated.
> Something like this...
It looks like you got cut off, so I'll finish it. ;)
Server Side:
ca.crt = The latest LotW Root CA cert
server.crt = Your personal LotW cert concatenated with the
intermediate that signed it.
server.key = The private key associated with your personal cert
-OR-
server.p12 = A p12 cert bundle that has your personal cert, private
key, and intermediate all in one file (if your version of openssl
supports this). It may require putting the file's encryption password
in the config file so it can be opened by the program.
Client side:
ca.crt = The latest LotW Root CA cert
client.crt = Their personal LotW cert concatenated with the
intermediate that signed it.
client.key = The private key associated with their personal cert
-OR-
client.p12 = A p12 cert bundle that has their personal cert, private
key, and intermediate all in one file (if their version of openssl
supports this). It may require putting the file's encryption password
in the config file so it can be opened by the program.
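
A way to check the file layout listed above before pointing OpenVPN at it, as an added example that is not part of the original messages: it builds a constructed root, intermediate and personal certificate with `openssl`, then shows that the concatenated bundle verifies against the root alone while the bare personal certificate does not. Everything except the `ca.crt`, `server.crt` and `server.key` file names (subject names, helper functions, other files) is an assumption made for the illustration.

```shell
#!/bin/sh
# Added example. The CA, intermediate and operator names are constructed
# stand-ins; no real LotW certificate material is used.

make_pki() (   # $1 = empty work directory; body runs in a subshell
  set -e
  cd "$1"
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  new="openssl req -config ca.cnf -new -newkey rsa:2048 -nodes"
  # Root CA (self-signed): plays the role of ca.crt on server and client.
  $new -x509 -extensions v3_ca -days 30 -subj "/CN=Constructed Root" \
    -keyout root.key -out ca.crt 2>/dev/null
  # Intermediate CA, signed by the root.
  $new -subj "/CN=Constructed Intermediate" -keyout int.key -out int.csr 2>/dev/null
  openssl x509 -req -in int.csr -CA ca.crt -CAkey root.key -CAcreateserial \
    -extfile ca.cnf -extensions v3_ca -days 30 -out int.crt 2>/dev/null
  # Personal (leaf) certificate, signed by the intermediate.
  $new -subj "/CN=Constructed Operator" -keyout server.key -out leaf.csr 2>/dev/null
  openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -CAcreateserial \
    -days 30 -out leaf.crt 2>/dev/null
  # server.crt = personal cert first, then the intermediate that signed it.
  cat leaf.crt int.crt > server.crt
)

# $1 = root CA file, $2 = cert file as a peer would present it.
# Only the root is trusted; anything else must come from the peer's own file.
chain_ok() { openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1; }

# $1 = cert file (first cert is used), $2 = private key file.
key_matches() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

work=$(mktemp -d)
make_pki "$work"
chain_ok "$work/ca.crt" "$work/server.crt" && echo "bundle verifies against the root"
chain_ok "$work/ca.crt" "$work/leaf.crt" || echo "leaf alone fails: intermediate missing"
key_matches "$work/server.crt" "$work/server.key" && echo "server.key matches server.crt"
rm -rf "$work"
```
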